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ABSTRACT 

Influx  is  a  reasoning  component  of  REALISE,  a  generic  platform  for  intelligent  systems 
currently  under  investigation  as  part  of  an  ongoing  research  program  conducted  by  the 
CAO  Branch.  Influx  is  envisioned  to  have  two  major  uses:  facilitating  and  mediating  rea¬ 
soning  processes  for  intelligent  missions,  and  serving  as  a  tool  and  framework  for  reasoning 
under  uncertainty.  This  document  reports  on  some  initial  research  and  development  ef¬ 
forts  pertaining  to  the  reasoning  aspect  of  Influx  in  the  latter  scenario.  Due  in  part  to 
its  generality,  the  Dempster-Shafer  (D-S)  theory  is  chosen  as  a  theoretical  basis  for  rep¬ 
resenting  imperfect  knowledge  and  for  reasoning  with  such  knowledge.  Since  Influx  is 
intended  to  deal  with  real-time  and  real-life  applications,  it  is  of  primary  importance  for 
the  reasoning  tool  to  practically  achieve  adequate  performance,  flexibility,  scalability  and 
system  dynamics.  To  this  end.  Influx  aspires  to  reach  such  objectives  while  attaining  a 
plausible  reasoning  mechanism  formulated  from  D-S  methods  and  techniques.  The  initial 
version,  Influxi,  is  a  simple,  but  highly  efficient  and  flexible,  nonmonotonic  rule-based 
system  enhanced  with  D-S  based  belief  representation,  fusion  and  inference.  Influxi  has 
been  applied  towards  tasks  that  include  situational  awareness  and  network  traffic  analysis. 
This  document  provides  a  high-level  description  of  Influxi  from  the  reasoning  perspective. 
Research  and  development  pertaining  to  the  implementation  of  the  reasoning  tool  and 
specific  applications  are  not  included  in  this  document. 
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Executive  Summary 

Influx  is  a  reasoning  component  of  a  larger  platform  for  intelligent  systems  currently  under 
investigation  as  part  of  an  ongoing  research  program  conducted  by  the  CAO  Branch  of 
CEWD,  Defence  Science  and  Technology  Group.  This  document  reports  on  the  initial 
version  Influxi,  a  tool  and  framework  currently  used  for  developing  and  executing  certain 
reasoning  tasks  under  uncertainty.  The  exposition  given  throughout  the  document  is 
purely  focused  on  the  reasoning  perspective. 

Since  uncertainty  is  a  major  notion  associated  with  knowledge  representation  and  rea¬ 
soning  in  Influx,  the  report  begins  with  an  overview  of  the  major  paradigms  (namely, 
numerical  and  symbolic)  for  uncertainty  representation,  which  is  followed  by  an  identifi¬ 
cation  of  reasons  for  adopting  a  numerical  approach  on  the  ground  of  efficiency  and  the 
accuracy  of  uncertainty  measurement.  To  further  clarify  the  types  of  uncertainty  and  the 
specific  formalisms  suited  to  Influxi ,  the  document  gives  a  brief  introduction  and  compar¬ 
ison  of  the  three  major  theories  (specifically,  probability  theory,  possibility  theory  and  the 
Dempster-Shafer  or  D-S  theory)  which  are  at  the  foundation  of  many  such  quantitative 
reasoning  approaches.  The  comparison  allows  D-S  theory  to  be  chosen  as  a  theoretical 
basis  for  the  reasoning  framework  due  to  its  generality. 

In  order  to  assist  the  reader  in  comprehending  the  various  reasoning  aspects  of  Influxi 
to  be  discussed,  the  report  provides  the  necessary  background  for  D-S  theory,  clarifying 
common  practical  concerns  (such  as  computational  complexity,  evidence  independence 
assumption,  conflict  handling  and  the  reliability  of  sources),  and  discussing  how  these 
concerns  have  been  addressed  in  the  literature.  This  is  followed  by  a  high-level  descrip¬ 
tion  of  the  reasoning  framework  in  Influxi  according  to  the  following  major  perspectives: 
concept  representation,  belief  representation,  belief  combination  and  belief  propagation. 

Regarding  concept  representation,  the  report  gives  an  explanation  of  how  knowledge  can  be 
represented  in  Influxi  and  how  a  complex  piece  of  knowledge  can  be  constructed  based  on 
simpler  ones.  As  the  reasoner  aims  to  support  real-world  applications,  a  piece  of  knowledge 
in  Influxi  is  often  not  known  with  certainty,  but  associated  with  a  belief  capturing  the 
degree  of  uncertainty  associated  with  the  piece  of  knowledge.  In  this  regard,  the  document 
discusses  the  multiple  methods  for  belief  representation  in  Influxi,  allowing  for  a  rich  and 
informative  interpretation  of  knowledge.  As  it  is  possible  that  there  is  more  than  one 
belief  associated  with  a  piece  of  knowledge  (which  is  usually  the  case  when  beliefs  are 
provided  by  multiple  sources  or  induced  by  a  collection  of  evidence),  there  is  a  need  to 
combine  such  beliefs.  In  this  regard,  the  document  presents  a  collection  of  methods  for 
belief  combination  implemented  in  Influxi .  Since  such  belief  combination  methods  possess 


UNCLASSIFIED 


UNCLASSIFIED 


different  characteristics  which  can  prevail  in  certain  scenarios,  a  broad  guideline  regarding 
how  the  methods  can  be  applied  in  various  practical  contexts  is  also  given.  It  is  also  often 
the  case  that  only  a  small  portion  of  the  knowledge  in  the  knowledge  base  has  access,  or  is 
visible,  to  the  external  world,  and  thus  can  receive  evidence  from  dedicated  sources.  The 
majority  of  the  knowledge  would  receive  no  direct  observations,  and  therefore  assessment 
of  their  belief  must  be  inferred  (if  possible)  from  other  pieces  of  knowledge.  To  this  end,  the 
report  explicates  how  the  relationship  between  any  two  pieces  of  knowledge  is  formulated 
in  the  framework  of  D-S  theory,  and  presents  a  collection  of  belief  propagation  functions 
that  allow  one  to  infer  the  degree  of  belief  for  knowledge  which  the  collected  evidence  does 
not  directly  bear  on. 

Finally,  a  summary  of  the  merits  and  limitations  of  the  reasoning  framework  with  respect 
to  flexibility,  efficiency,  scalability  and  system  dynamics  is  given. 
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1  Introduction 

Primarily  designed  as  a  knowledge  and  reasoning  backbone  of  a  high-level  and  distributed 
reasoning  platform,  Influx  is  not  intended  to  provide  sophisticated  reasoning.  Instead,  this 
reasoning  tool  aims  to  offer  core  reasoning  capabilities  with  imperfect  knowledge  that  can 
potentially  satisfy  many  practical  requirements,  including  reasoning  in  real-time,  handling 
a  potentially  very  large  amount  of  data,  flexibly  supporting  different  reasoning  modalities, 
and  supporting  dynamic  changes  and  updates  in  the  knowledge  structure.  Advanced 
and  complex  reasoning  tasks,  if  desired,  would  be  built  on  top  of  Influx,  or  delegated  to 
dedicated  tools  integrated  with  the  reasoning  system. 

To  open  the  possibility  for  Influx  to  flexibly  handle  and  reason  with  knowledge  with  differ¬ 
ent  natures  of  ‘imperfectness’,  Dempster-Shafer  (D-S)  theory  is  adopted  as  a  theoretical 
basis  for  the  design  of  Influx.  This  line  of  exploration  and  investigation  has  resulted  in 
the  development  of  two  versions  of  Influx:  Influxi  and  Influx2 . 

Influxi  is  a  simple,  but  highly  flexible  and  efficient,  tool  and  framework  for  reasoning  under 
uncertainty.  The  high  flexibility  of  Influxi  is  due  to  the  utilisation  of  various  methods 
and  techniques  pertaining  to  D-S  belief  representation,  fusion  and  inference.  The  high 
efficiency  of  Influxi  partly  owes  to  the  simplified  reasoning  mechanism,  making  it  possible 
to  devise  highly-optimised  techniques  for  data  storage  and  algorithm  execution  at  the 
implementation  level.  Influxi  has  been  applied  towards  tasks  that  include  situational 
awareness  and  network  traffic  analysis. 

Influx2  is  motivated  by  the  requirement  to  enhance  the  reasoning  capability  of  Influxi  while 
attempting  to  minimise  as  much  as  possible  the  amount  of  complexity  added  to  the  rea¬ 
soning  tool,  and  thus  retain  the  practicability  of  Influxi.  To  this  end,  Influx2  capitalises  on 
methods  and  techniques  in  the  paradigm  of  evidential  networks  so  as  to  facilitate  deductive 
and  abductive  reasoning  in  a  seamless  manner  and  to  rectify  certain  restrictions  of  Influxi . 
Nevertheless,  evidential  networks  and  related  models,  while  possessing  a  mathematically 
sound  and  powerful  mechanism  to  represent  and  reason  with  imperfect  knowledge,  often 
bear  high  computational  complexity  and  memory  consumption.  Many  of  them  also  re¬ 
quire  a  static  and  controlled  execution  environment,  rendering  themselves  impracticable 
in  many  real-life  situations.  This  has  led  us  to  implement  a  simplified  and  customised 
form  of  an  evidential  network  in  Influx2  which  potentially  offers  a  significant  decrease  in 
space  and  time  consumption,  and  potentially  promotes  system  dynamics.  As  a  result,  we 
have  devised  nonconventional  and  approximate  representation  and  reasoning  techniques 
where  conventional  and  exact  methods  are  no  longer  possible  due  to  the  various  restric¬ 
tions  imposed  on  the  network  structure. 

An  exposition  of  Influx2  will  be  given  in  another  document.  This  document  provides 
a  high-level  description  of  Influxi  from  the  reasoning  perspective.  The  organisation  of  the 
document  is  given  below. 

Section  2  presents  a  brief  discussion  pertaining  to  the  formal  representation  of  uncertainty, 
with  a  focus  on  numerical  formalisms.  The  section  also  clarifies  the  types  of  uncertainty 
to  be  addressed  in  Influx,  and  presents  the  rationale  for  choosing  D-S  theory  as  the  theo¬ 
retical  basis  for  the  reasoning  system. 

Section  3  provides  an  overview  of  the  applied  aspects  of  D-S  theory  in  the  particular  con- 


UNCLASSIFIED 


1 


DST  Group-TR-3142 


UNCLASSIFIED 


text  of  information  fusion.  In  addition,  the  section  discusses  and  addresses  major  concerns 
in  the  literature  pertaining  to  the  application  of  D-S  theory  in  a  practical  context. 

Section  4  presents  a  high-level  description  of  Influxi  from  the  reasoning  perspective,  de¬ 
tailing  how  D-S  theory  serves  as  a  basis  for  uncertainty  representation  and  reasoning  in 
the  system. 

Section  5  concludes  the  document  with  a  summary  of  the  merits  and  limitations  of  Influxi . 

In  order  to  make  the  material  accessible  to  a  wide  range  of  audiences,  the  content  of  this 
report  is  presented  in  a  conceptual  and  intuitive  manner. 
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2  Uncertainty  representation 

The  real  world  is  characterised  by  uncertainty  and  constantly  changing  conditions.  Any 
reasoning  system  that  strives  to  support  real-world  applications  should  be  able  to  appro¬ 
priately  handle  uncertain  information.  In  this  regard,  a  consideration  of  the  relevant  types 
of  uncertainty,  and  subsequently  of  the  appropriate  formalism  to  represent  and  reason  with 
uncertain  knowledge  is  a  prerequisite  to  the  design  and  development  of  any  practical  rea¬ 
soning  system. 
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Figure  1:  A  taxonomy  of  ignorance,  providing  one  interpretation  of  uncertainty  [52]  (cited 
in  [38]).  In  this  taxonomy,  uncertainty  is  viewed  as  one  type  of  incompleteness 
within  the  broad  spectrum  of  ‘ignorance’. 

Formal  representations  of  uncertainty^  have  drawn  substantial  research  interest,  giving 
rise  to  various  interpretations  and  formulations.  One  such  interpretation  is  illustrated  in 
Figure  1,  while  others  can  be  consulted  at  [56,  60,  63].  The  different  ways  to  describe 
uncertainty  inevitably  lead  to  efforts  to  devise  corresponding  modelling  and  computa¬ 
tional  techniques  —  the  multitude  of  diverse  formalisms  that  result  can  be  categorised  as 
numerical  and  symbolic. 

In  numerical  approaches,  certainty  is  quantitatively  measured  by  a  numerical  value,  whether 
it  is  a  probability  measure  (as  in  probability  theory),  possibility  and  necessity  measures 
(as  in  possibility  theory),  or  certainty  factors  (as  in  rule-based  systems).  Conversely,  in 
(purely)  symbolic  approaches,  uncertainty  is  handled  by  non-numerical  techniques.  More 
specifically  in  the  framework  of  modal  logics,  uncertainty  is  qualified  by  symbolic  modali¬ 
ties  (e.g.,  possible  and  necessary),  and  is  expressed  by  means  of  relative  confidence  relations 
between  propositions,  as  opposed  to  numerical  evaluations  [14].  In  other  non-monotonic 
formalisms  (such  as  default  logics  [43]  and  McCarthy’s  circumscription  [34]),  uncertainty 

^Please  note  that  in  the  literature,  the  term  uncertainty  is  both  used  to  (i)  broadly  capture  the  whole 
spectrum  of  possible  definitions  and  interpretations  pertaining  to  anything  that  is  not  exact  and  certain, 
and  (ii)  refer  to  one  specific  interpretation  of  the  notion.  In  this  document,  uncertainty  would  bear 
the  former  meaning  when  used  on  its  own,  and  adopt  the  latter  interpretation  otherwise  (i.e.,  uncertain 
knowledge  versus  incomplete  knowledge). 
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is  addressed  by  allowing  a  piece  of  information  to  be  incomplete,  thereby  permitting  a 
previously  derived  conclusion  to  be  revised  in  light  of  new  information. 

The  use  of  symbolic  modalities  and  the  ordinal  representation  of  uncertainty  can  be  more 
natural  and  appealing  in  certain  cases.  However  by  the  same  token,  purely  symbolic  ap¬ 
proaches  are  not  able  to  produce  answers  with  a  precise  degree  of  certainty  which  is  a 
highly  desirable  feature  in  many  applications.  Furthermore,  from  a  computational  point 
of  view,  reasoning  with  a  numerical  method  is  usually  more  efficient  than  with  a  symbolic 
approach,  explaining  the  predominant  application  of  quantitative  reasoning  in  practice. 
To  this  end,  apart  from  purely  numerical  systems  such  as  belief  networks  [39],  valua¬ 
tion  networks  [3,  53,  54]  and  evidential  networks  [64,  67],  attempts  have  also  been  made 
to  devise  systems  that  tightly  integrate  logical  techniques  with  numerical  representation 
of  uncertainty  such  as  probabilistic  logic  [36],  possibilistic  logic  [14]  and  subjective  logic 
[27],  or  hybrid  systems  that  combine  symbolic  and  numerical  approaches  in  a  loosely 
coupled  manner  such  as  ATMS^  augmented  with  uncertainty  management  (e.g.,  proba¬ 
bilistic  ATMS  [55],  possibilistic  ATMS  [13],  and  ATMS  using  Dempster-Shafer  methods 
[30]),  and  argumentation  systems  enhanced  with  uncertainty  treatment  (e.g.,  argumen¬ 
tation  systems  that  incorporate  probabilistic  information  [22]  or  Dempster-Shafer  belief 
functions  [24,  31]). 

Since  the  efficiency  of  the  reasoning  process  and  the  ability  to  distinguish  the  degrees  of 
certainty  among  hypotheses  are  critical  to  effective  decision  making,  numerical  methods 
are  adopted  as  the  representation  and  reasoning  basis  to  tackle  uncertainty  in  Influxi.  In 
order  to  further  explore  the  types  of  uncertainty  and  associated  formalisms  that  might  be 
suited  to  Influxi,  we  have  considered  the  three  major  theories  which  are  at  the  foundation 
of  the  aforementioned  reasoning  systems  and  others:  probability  theory,  Dempster-Shafer 
theory  and  possibility  theory.  A  brief  introduction  to  the  theories  is  given  below. 


2.1  Probability  theory 

In  this  mathematical  theory,  the  uncertainty  of  information  is  defined  by  means  of  prob¬ 
abilities.  To  date,  the  notion  of  probability  has  admitted  two  widely  accepted  interpreta¬ 
tions,  namely,  objective  and  subjective  probability.  From  the  viewpoint  of  the  frequentists, 
probability  is  concerned  with  chance  and  randomness  (and  thus,  objective).  A  typical 
example  of  an  objective  probability  is  the  relative  frequency  of  a  particular  outcome  of 
an  experiment,  provided  that  there  is  a  sufficient  (or  infinite)  number  of  outcomes  that 
can  be  observed.  Conversely,  from  the  standpoint  of  the  subjectivists,  probability  can  be 
associated  with  non- repeatable  events;  in  which  case  a  probability  is  supposed  to  reflect 
the  subjective  belief  of  an  agent  for  the  problem  at  hand  (based  on  its  experience  and/or 
current  state  of  information). 

As  preliminaries,  let  S  denote  the  sample  space  which  is  is  the  set  of  all  possible  outcomes 
associated  with  an  experiment  (e.g.,  the  set  of  possible  outcomes  for  tossing  two  coins  is  S 
=  {HH,  HT,  TH,  TT}).  Often,  one  is  interested  in  a  certain  aspect  of  the  experiment’s 
outcome  (such  as  the  number  of  heads),  and  thus  may  wish  to  represent  the  sample  space 
accordingly.  This  can  be  done  via  the  use  of  a  random  variable  A  :  5  — )•  0  where  0 

^Assumption-based  Truth  Maintenance  System 
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is  a  measurable  space  (such  as  0  =  {0,1)2},  the  possible  number  of  heads  in  such  an 
experiment).  The  space  0  is  also  referred  to  as  the  state  space  of  X.  Generally,  one  can 
dehne  multiple  state  spaces  corresponding  to  a  sample  space,  and  a  sample  space  in  one 
context  can  be  a  state  space  in  another  context  and  vice  versa. 

Probability  theory  measures  the  uncertainty  of  an  experiment  by  assigning  a  probability 
P{A)  to  each  event  ACS.  These  probabilities  must  obey  the  following  three  basic  axioms 
(known  as  the  Kolmogorov  axioms  for  probability): 

P{A)  >  0  (1) 


P{S)  =  1 


(2) 


if  A  n  S  =  0  then  P{A\J  B)  =  P{A)  +  P{B) .  (3) 

A  function  that  assigns  a  probability  to  each  of  the  elements  of  a  sample  or  state  space 
(e.g.,  for  unbiased  coins:  P{HH)  =  P{HT)  =  P{TH)  =  P{TT)  =  I)  is  referred  to  as  a 
probability  distribution. 

Since  any  event  A  can  be  described  as  the  union  of  the  joint  events  (A,  Bi),  the  third 
axiom  also  allows  the  probability  for  A  to  be  computed  from  the  probabilities  associated 
with  the  joint  events: 

n 

P{A)  =  Y,P{A,B,)  (4) 

i=l 

where  Bi,  i  =  I,  2,. ..,  n,  constitute  a  set  of  exhaustive  and  mutually  exclusive  events. 
A  probability  distribution  defined  on  such  joint  events  (Aj,  Bj)  is  known  as  a  joint  prob¬ 
ability  distribution.  For  example,  given  the  joint  probability  distribution  in  Table  1,  the 
probability  associated  with  the  occurrence  of  ‘virus a  is  computed  as: 


P{virusA)  =  '^'i=iP{virusA,  incidenti)  =  5  +  g  =  §• 


virus  A 

virus  B 

incidenti 

1 

2 

1 

9 

incident2 

1 

6 

2 

9 

Table  1:  An  example  joint  probability  distribution. 


A  probability  distribution  defined  on  a  set  of  events  is  often  not  static  and  can  be  updated 
in  the  light  of  new  evidence.  As  evidence  in  probability  theory  is  often  an  observation  show¬ 
ing  that  a  specific  event  has  occurred,  a  standard  way  to  perform  updating  is  by  making 
use  of  conditional  probability  functions.  A  conditional  probability  P{A\B)  is  a  function 
which  specifies  the  probability  that  A  will  occur,  given  the  condition  that  B  is  known  to 
have  occurred  and  everything  else  is  irrelevant  for  A.  In  probability  theory,  conditional 
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probabilities  are  defined  in  terms  of  joint  events  using  Bayes’  rule  of  conditioning: 


P{A\B) 


P{A,B) 

P{B) 


(5) 


Suppose  that  incidenti  in  Table  1  is  observed,  the  probability  associated  with  the  occur¬ 
rence  of  virus  A  now  becomes 


P{virusA  I  incidenti) 


P{virusA ,  incidenti) 
P{incidenti) 


1 

2 


9 

ll’ 


(6) 


Here,  if  P{B\A)  =P{B),  A  and  B  are  said  to  be  independent.  Similarly,  if  P{B\C, 
A)=  P{B  I  C),  A  and  B  are  said  to  be  conditionally  independent  given  C.  Closely  related 
to  Bayes’  rule  of  conditioning  (but  with  a  different  emphasis)  is  the  well-known  Bayes’ 
theorem  defined  as 


P{A\B) 


P{B\A)P{A) 


(7) 


According  to  the  above  formula,  the  probability  associated  with  the  occurrence  of  incidenti 
given  virus  A  can  be  computed  as  follows: 


P  {incidenti  \  virus  a) 


P{virusA  I  incidenti)  P{incidenti) 
P{virusA) 


Afl  +  1) 

11 V2  ^  gi 

2^6 


3 

4' 


(8) 


Bayes’  theorem  is  widely  used  both  in  theory  and  applications.  The  theorem  is  particularly 
useful  when  the  probabilities  associated  with  joint  events  are  absent  (which  is  often  the 
case  in  practice)  but  conditional  probabilities  (e.g.,  P{A\B)  and  P{B\A))  and  prior 
probabilities  (e.g.,  P{A)  and  P{B))  are  available.  Those  models  which  utilise  Bayes’ 
theorem  in  their  computation  are  commonly  referred  to  as  Bayesian  models. 

Though  probability  theory  is  a  well-recognised  and  widely-used  mathematical  tool  to  han¬ 
dle  uncertainty,  the  theory  has  a  number  of  limitations.  Our  major  concerns  in  utilising 
probability  theory  as  a  tool  to  handle  uncertainty  in  Influxi  include  the  following  issues: 


•  A  probabilistic  model  requires  the  existence  of  a  probability  distribution  to  capture 
the  epistemic  state  of  an  agent^.  When  such  a  probability  distribution  is  unavailable 
(thus,  the  agent  is  completely  ignorant  about  the  situation),  it  is  a  standard  practice 
to  apply  the  principle  of  insufficient  reason  (corresponding  to  the  maximum  entropy 
principle)  which  effectively  assigns  a  uniform  distribution  to  the  state  space  0.  This 
can  cause  some  difficulties  in  interpretation  and  manipulation  of  the  defined  proba¬ 
bilities.  For  instance,  a  probabilistic  model  may  not  be  able  to  distinguish  between 
whether  the  uncertainty  is  due  to  the  lack  of  information  (incomplete  information) 
or  to  the  variability  of  past  results  [14]  (as  illustrated  in  Example  1),  or  may  be 
susceptible  to  epistemic  inconsistency  when  the  granularity  of  0  is  manipulated  (as 

^An  agent  can  be  any  entity  that  has  the  capability  to  perceive  and  reason  about  the  current  state  of 
the  world. 
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shown  in  Example  2).  Examples  1  and  2  presented  below  re-illustrate  historical 
arguments  in  the  relevant  context. 

Example  1:  Let  ©i  =  {virusA,  viruss}  denote  the  set  of  all  types  of  virus 
possibly  responsible  for  a  security  incident.  Given  the  uniform  probability 
distribution  P{virusA)  =  P{virusB)  =  5,  one  would  have  difficulty  in 
determining  whether  this  information  is  (a)  a  statement  of  total  ignorance, 
or  (b)  the  result  of  accumulating  an  equal  amount  of  evidence  supporting 
both  types  of  virus,  respectively. 

Example  2:  Suppose  that  a  security  analyst  distinguishes  between  the 
two  subtypes  of  virus  a  (i-e.,  virus  a  now  corresponding  to  {virus  ai,  vir- 
USA2}),  hence  ©2  =  {virusAi,  virusA2,  viruss}-  Applying  the  principle 
of  insufficient  reason  on  ©2  would  yield 

P{virusAi)  =  P{yirusA2)  =  P{yirusB)  =  - 

O 

which  is,  in  the  case  of  total  ignorance,  incompatible  with  those  in  Example 
1 .  In  the  same  vein,  imagine  that  the  analyst  would  like  to  discern  between 
virus  A  and  virus  b  only,  and  thus  mapping  ©2  into  ©1.  Using  the  standard 
coarsening  algorithm  in  [46],  the  analyst  now  obtains  P {virus a)  =  5  +  5  = 

I  and  P{virusB)  =  To  this  end,  it  appears  that  the  support  for  virusA 
is  generated  by  itself  in  the  absence  of  any  evidence  and  known  prior 
probabilities. 

•  A  probabilistic  method  is  also  not  able  to  distinguish  between  disbelief  and  lack 
of  information^  as  shown  in  the  following  example,  due  to  the  unity  probability 
distribution  imposed  on  a  proposition  and  its  negation. 

Example  3:  In  another  scenario,  the  analyst  is  interested  in  identifying  if 
a  security  incident  is  caused  by  virus  a,  thus  ©4  =  {virus  a,  virus  a}-  Be¬ 
ing  able  to  recognise  only  some  features  that  may  suggest  the  involvement 
of  virusA  and  nothing  else,  the  analyst  specifies  P{virusA)  =  5-  Under  a 
probabilistic  interpretation,  the  probability  for  the  negation  of  the  propo¬ 
sition  can  be  automatically  inferred:  P{virusA)  =  1  -  P{virusA)  = 
which  does  not  faithfully  reflect  the  belief  of  the  analyst  in  this  particu¬ 
lar  situation  (since  the  rest  of  the  features  may  or  may  not  suggest  the 
possible  involvement  of  virus  a)- 

The  limitations  presented  above  are  among  the  main  reasons  for  alternative  theories  to  be 
proposed  and  developed.  Representatives  among  them  are  Dempster-Shafer  theory  and 
possibility  theory  which  will  now  be  introduced. 


2.2  Dempster-Shafer  (D-S)  theory 

The  so-called  Dempster-Shafer  (D-S)  theory^  originates  from  the  mathematical  framework 
concerning  lower  and  upper  probabilities  by  Dempster  [5]  which  extended  classical  prob- 

^The  Dempster-Shafer  theory  is  also  referred  to  as  the  theory  of  belief  functions. 
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ability  theory,  subsequently  formulated  by  Shafer  as  the  mathematical  theory  of  evidence 
[46],  and  further  studied  by  Smets  in  the  framework  of  transferable  belief  models  [51]. 

Comparisons  of  D-S  theory  and  its  predecessor  Bayesian  probability  theory  have  con¬ 
tributed  to  many  debates  in  the  literature  of  evidential  reasoning;  with  a  consensus  ac¬ 
knowledging  the  merits  of  both  (c.f.,  [50]),  thus  any  assessment  of  their  adequacy  and 
suitability  should  be  subject  to  the  specific  scenarios  and  the  problems  at  hand.  In  this 
regard,  most  relevant  to  our  concerns  is  that  D-S  theory,  unlike  the  Bayesian  approach, 
tolerates  the  incompleteness  of  information.  In  other  words,  the  theory  does  not  require  a 
complete  probabilistic  model  to  be  specihed,  and  thus  is  more  suitable  when  such  a  model 
is  only  partially  available.  To  this  end,  the  theory  preserves  the  numerical  representa¬ 
tion  for  uncertainty  (in  agreement  with  probability  theory),  but  allows  for  the  modelling 
of  incompleteness  by  means  of  disjunctive  sets  (just  as  in  classical  logics).  Consequently, 
instead  of  tackling  the  elements  in  the  state  space  0  themselves  (as  in  the  Bayesian  formal¬ 
ism),  D-S  theory  deals  with  all  possible  subsets  of  0  (i.e.,  elements  of  2®).  The  discussion 
that  follows  deals  primarily  with  the  applied  aspect  of  the  theory. 


{*^’.41.  VB2) 


{i'A1,Va2,Vbi]  {vaI^Va2^1’B2}  {  •  t’Bl  T’B2  }  {t'.42,  t-’B!.  l’B2} 


{I'Al}  {l’.42}  {VBl)  {t’B2l 


Figure  2:  A  discernment  space  containing  all  the  possible  propositions  derived  from  0  = 
{vai,va2,vbi,vb2}  ■ 

Formally,  let  a  frame  of  discernment  0  be  a  set  of  possible  answers  to  some  question, 
or  possible  values  for  some  variable®.  The  elements  of  0  are  required  to  be  exhaustive 
and  mutually  exclusive]  that  is,  at  any  one  time,  one  and  only  one  element  in  0  can  be 
true.  A  so-called  proposition  or  hypothesis,  A,  is  defined  as  a  subset  of  0,  and  is  said  to 
be  true  if  the  truth  lies  within  A.  For  example,  let  A  correspond  to  the  proposition  ‘the 
incident  is  caused  by  a  virus  of  type  A'  (see  Table  1).  Then  A  would  be  represented  as  A 
=  {virus Ai,  virusA2},  and  would  be  true  if  either  {virus ai}  or  {virus A2}  is  true.  The  set 
of  all  possible  propositions  derived  from  0  constitutes  a  discernment  space  and  is  denoted 
as  2®. 

Figure  2  illustrates  the  space  of  discernment  derived  from  a  given  frame  of  discernment  0. 
Among  the  depicted  propositions,  the  root  proposition  is  0  itself,  and  those  at  the  bottom 

®A  frame  of  discernment  in  D-S  theory  corresponds  to  a  state  space  in  probability  theory. 


UNCLASSIFIED 


UNCLASSIFIED 


DST  Group-TR-3142 


are  called  singletons  (i.e.,  one-element  propositions).  Please  note  that  the  proposition 
corresponding  to  the  empty  set,  0,  is  not  included  in  Figure  2. 

The  primitive  function  in  D-S  theory  is  a  function  m  :  2®  — >■  [0,  1],  called  a  basie  probability 
assignment  (bpa)®,  such  that: 


Eyic2e 

m(0)  =  0 

where  m{A)  encodes  the  belief  mass  assigned  to  the  proposition  AJ 


(9) 


A  bpa  can  be  considered  a  generalisation  of  the  probability  function  in  that  one  can  assign 
belief  mass  to  elements  of  the  space  of  discernment,  2®,  rather  than  elements  of  the  frame 
of  discernment  0,  as  in  the  Bayesian  fashion.  However,  it  is  important  to  note  that  one 
should  not  simply  interpret  m{A)  as  the  probability  of  the  occurrence  of  A,  as  m{A)  is 
the  belief  mass  assigned  to  A  only  and  to  none  of  its  subsets*  (see  Example  4). 


Example  4:  Given  0  =  {virusAi,  virusA2,  viruss}  which  denotes  all  the 
possible  causes  for  an  incident  I,  and  a  bpa  m  reported  by  an  agent  as  follows 


m{{virusAi})  =  5, 
m{{virusAi,  virusA2})  =  5, 
m(0)  =  m{{virusAi,  virusA2,  virusB})  =  g, 

and  m{A)  =  0  for  all  other  A  C  0  (note  that  fn{A)  =  1). 

The  quantity  ^  should  be  interpreted  as  the  portion  of  belief  committed  to 
{virus Ai},  while  the  quantity  |  is  the  portion  of  belief  pending  over  {virusAi, 
virus A2}  (which  is  not  yet  committed  to  either  {virus ai}  or  {virus A2}  due  to 
lack  of  knowledge,  but  can  be  gradually  transferred  to  {virusAi}  or  {virusA2} 
in  light  of  further  evidence).  Likewise,  the  quantity  1  —  |  —  |  =  gis  the 
portion  of  belief  pending  over  the  whole  frame  (which  remains  unassigned 
after  allocation  of  belief  to  various  proper  subsets  of  0).  When  m(0)  =  1  (i.e., 
when  there  is  no  belief  mass  assigned  to  any  of  the  proper  subsets  of  0),  the 
agent  is  said  to  be  completely  ignorant.  In  such  a  case,  the  agent  believes  that 
the  incident  I  is  eertainly  caused  by  one  of  the  elements  of  0,  but  it  does  not 
have  any  knowledge  to  make  a  more  informed  judgment  (thus,  m(0)  =  1). 


With  such  expressiveness,  D-S  theory  does  not  experience  the  aforementioned  difficulties 
encountered  by  the  Bayesian  formalisms  due  to  the  fact  that  incompleteness  of  information 
can  be  expressed  explicitly  by  assigning  belief  mass  to  unions  of  singletons  or  to  the  whole 
frame  of  discernment  0.  More  specifically,  by  representing  the  state  of  total  ignorance 

®The  basic  probability  assignment  m  is  also  widely  referred  to,  in  its  unnormalised  form,  as  basic  belief 
assignment  (bba)  by  Smets  [49],  or  more  generally,  a  mass  assignment. 

^Shafer  adopts  a  closed-world  assumption  and  enforces  m(0)  to  be  0.  In  the  open-world  formnlation  of 
D-S  theory  studied  by  Smets  [51],  belief  mass  can  be  assigned  to  0  to  indicate  the  fact  that  the  answer  for 
a  problem  may  lie  outside  those  captured  in  the  current  frame  of  discernment. 

®For  this  reason,  a  bpa  is  not  required  to  be  inclusion-monotonic  [14]:  it  is  plausible  to  have 
m{{virusAi})  >  m{{virusAi,  virusA2})  even  though  {virusAi}  C  {virusAi,  virusA2}. 
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as  m(0)  =  1,  D-S  theory  maintains  the  difference  between  the  variability  of  past  results 
{m{{virusAi})  =  m{{virusA2})  =  rn{{virusB})  =  5)  and  incompleteness  (m(0)  =  1) 
discussed  in  Example  1.  As  m(0)  =  1  resists  changes  in  the  granularity  of  0,  the  epistemic 
inconsistency  illustrated  in  Example  2  is  also  eliminated  (transformation  between  02  and 
01  does  not  alter  the  state  of  ignorance  of  the  discussed  bpas).  Likewise  in  Example  3,  the 
theory  is  able  to  clearly  distinguish  between  the  states  of  disbelief  and  lack  of  information. 
In  this  case,  since  the  analyst  does  not  have  any  evidence  that  disconfirms  {virus a}  (i-e., 
confirms  {virus a}),  this  epistemic  state  can  be  faithfully  reflected  in  a  D-S  model  by 
allocating  the  rest  of  the  total  belief  (1  -  to  m(0)  (instead  of  {virus a})- 

A  bpa  induces  two  other  important  set-functions,  respectively  known  as  a  belief  function 
Bel  and  a  plausibility  function  PL  Bel  and  PI  are  defined  by: 


Bel{A)  =  ^  m{B), 

(10) 

Pl{A)  =  m{B). 

(11) 

snA/0 

The  D-S  belief  function,  Bel,  corresponds  to  a  probability  function  in  probability  theory. 
Bel  also  obeys  basic  axioms  for  probabilities  (see  Section  2.1)  except  that  it  is  not  additive 
(i.e.,  Eq.  (3)  is  removed): 


Bel{A)  >  0, 

Bel{e)  =  1, 

if  A  n  .B  =  0  then  Bel{A  U  B)  >  Bel{A)  -h  Bel{B). 


Dismissing  the  additive  axiom  when  dealing  with  beliefs  is  a  major  difference  between  D-S 
and  Bayesian  models.  For  example,  one  can  calculate  the  Bel  and  PI  values  for  various 
propositions  in  Example  4  using  Eq.  (10)  and  Eq.  (11)  as 

Bel  {{virus  Ai})  = 

Pl{{virusAi})  =  J-Fj-hJ  =  l, 

2  3b 

Bel{{virusAi,virusA2})  =  x  +  ^  =  |, 

3  2b 

,/r  1  1  1 

Pl{{virusAi,  Virus  A2})  =  o  +  e  +  c=l’ 

3  b  b 

Bel{{virusB})  =  0, 


and  ^ 

Pl{{virusB})  =  -■ 

b 


It  is  easy  to  see  from  the  above  example  that  both  the  belief  and  plausibility  functions 
are  non-additive  (e.g.,  Bel{{virusAi,  virusA2})P  Bel{{virusAi})  +  Bel  {{virus  A2}),  and 
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that  Bel{Q)  and  Pl{Q)  are  always  equal  to  1. 

In  essence,  Bel  measures  the  extent  to  which  an  agent  believes  A,  and  PI  measures  the 
degree  to  which  the  agent  fails  to  disbelieve  A  (i.e.,  A  could  be  true  and  Pl{A)  =  1 
-  Bel{A)).  Subsequently,  the  size  of  the  interval  [Bel{A),  Pl{A)]  can  be  regarded  as 
the  amount  of  uncertainty  with  respect  to  A,  given  the  evidence.  It  is  belief  that  is 
committed  by  the  evidence  to  neither  A  nor  A.  The  larger  the  interval  is,  the  more  likely 
the  information  or  evidence  is  missing  or  unreliable.  When  an  agent  is  in  a  state  of  total 
ignorance  (i.e.,  m(0)  =  1,  and  thus  Bel{A)  =  0  and  Pl{A)  =  1  ),  the  interval  [Bel{A), 
Pl{A)]  would  be  [0,  1].  At  the  other  extreme,  if  the  agent  has  complete  knowledge  about 
the  situation  for  it  to  allocate  mass  to  the  singletons  of  0  only,  the  probability,  belief  and 
plausibility  measures  would  become  identical  {P{B)  =  Bel{B)  =  Pl{B)  for  any  A  C  0) 
as  well  as  additive  {Bel{Ai  U  A2)  =  Bel{Ai)  +  Bel{A2)  if  Aifl  A2  =  0).  In  this  case,  the 
interval  [Bel{A),  Pl(A)]  would  collapse  into  P{A),  and  reasoning  with  D-S  belief  functions 
reduces  to  standard  Bayesian  reasoning. 


Like  Bayesian  models,  beliefs  in  D-S  models  can  be  updated  via  conditioning  where  the 
notion  of  conditional  belief  is  defined  as: 


Bel{A  I  B) 


Bel{A  U  B)-  Bel{B) 
1  -  Bel(B) 


and 


Pl{A  I  B) 


Pl{A  n  B) 
'Pl{B) 


Bel{A  I  B)  and  Pl{A  \  B)  are  collectively  referred  to  as  Dempster’s  rule  of  conditioning 
which  effectively  reduces  to  P{A  \  B)  when  probability  functions  are  in  place  of  belief 
functions. 


Whilst  rectifying  limitations  of  Bayesian  probability  theory,  D-S  theory  is  itself  not  free 
of  issues.  Most  notoriously,  the  expressiveness  offered  by  a  D-S  model  obviously  comes 
at  the  cost  of  higher  computational  complexity.  Limitations  of  D-S  models  are  clarified, 
discussed  and  addressed  in  Section  3  of  this  document. 


2.3  Possibility  theory 

The  formal  theory  of  possibility  was  developed  based  on  the  notion  of  fuzzy  sets  by  Zadeh 
[68],  though  the  idea  of  using  possibility  measures,  as  an  alternative  to  probabilities,  is 
generally  attributed  to  Shackle’s  work  [45]  on  modelling  expectation  and  potential  sur¬ 
prise  in  human  decision  making.  Possibility  theory  addresses  uncertainty  from  another 
perspective.  Instead  of  viewing  uncertainty  from  a  statistical  standpoint  as  in  probability 
theory,  possibility  theory  focuses  on  the  uncertainty  intrinsic  in  linguistic  information. 
That  is,  the  theory  is  mainly  concerned  with  the  meaning  of  the  information  (rather  than 
its  measure)  [68]  and  tackles  problems  such  as  ambiguity  and  vagueness. 

Taking  place  of  a  probability  distribution,  a  possibility  distribution  is  a  function  tt:  2®  — )• 
[0, 1]  such  that  7r(0)  =  0  and  7r(0)  =  1.  The  quantity  it{A)  =  1  means  that  A  is  totally 
possible  (plausible),  while  'k{A)  =  0  implies  that  A  is  impossible.  In  the  absence  of 
information,  possibility  theory  adopts  the  principle  of  minimum  specificity  which  assigns 
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to  each  state  the  highest  degree  of  possibility.  Table  2  illustrates  an  example  possibility 
distribution  in  contrast  with  a  probability  distribution. 


The  plausibility  and  certainty  of  a  proposition  A  (in  terms  of  distance  to  an  ideally  plau¬ 
sible  situation)  can  be  evaluated  using  the  possibility  measure  11  and  necessity  measure 


N: 


n(A)  =  max7r(s), 


N{A)  =  1  —  n(A)  =  min(l  —  7r(s)); 

s^A 

and 

n(A  UB)  =  max(n(A),  n(5)), 
N{A  r\B)  =  mm{N{A),  N{B)). 


Though  focusing  on  a  different  aspect  of  uncertainty,  measures  of  uncertainty  in  possibility 
theory  hold  some  connections  with  those  in  probability  and  D-S  theories.  Whereas  a 
probability  distribution  provides  precise  and  disjunct  pieces  of  information,  a  possibility 
distribution  encodes  imprecise,  but  consonant®,  pieces  of  information  [14].  As  a  result,  if  A 
is  impossible,  it  is  likely  to  be  improbable,  but  a  high  degree  of  possibility  does  not  entail 
a  high  degree  of  probability,  nor  does  a  low  degree  of  probability  indicate  a  low  degree 
of  possibility  [68].  For  example,  as  illustrated  in  Table  2,  while  it  is  totally  possible  that 
the  incident  is  caused  by  either  {virusAi}  or  {virusA2},  it  is  much  more  likely  that  the 
incident  is  caused  by  {virus Ai}  rather  than  {virus A2} ■  In  general,  their  relationship  can 
be  captured  as  N{A)  <  P{A)  <  n(A),  With  regard  to  D-S  theory,  both  theories 


X  {virus  Ai} 

{virus  A2} 

{virusB} 

7r{x)  1 

1 

2 

3 

Pix)  1 

3 

16 

1 

16 

Table  2:  A  possibility  distribution  vr  in  comparison  to  a  probability  distribution  P. 


correspond  to  a  particular  family  of  probability  measures  [14].  In  particular,  the  possibility 
and  necessity  measures  coincide  with  the  plausibility  and  belief  functions,  with  PI  >  B 
and  Bel  <  N  (in  the  general  case)  and  PI  =  Il  and  Bel  =  N  (in  the  finite  consonant  case) 
[14]. 

Possibility  theory  provides  a  simple  but  useful  approach  to  handle  the  uncertainty  and  in¬ 
completeness  of  information.  Nevertheless,  our  focus  in  designing  and  developing  Influxi 
is  on  modelling  the  degree  of  belief  (or  confidence)  regarding  the  truth  of  a  piece  of  in¬ 
formation,  rather  than  degree  of  truth  associated  with  vague  and  ambiguous  information. 
Therefore  although  ideas  and  models  based  on  possibility  theory  can  be  potentially  inte¬ 
grated  into  various  elements  of  the  reasoning  tool  in  the  future,  the  theory  is  not  considered 
as  a  theoretical  basis  for  the  current  design  and  implementation  of  Influxi. 

^Pieces  of  information  are  referred  to  as  consonant  if  they  can  be  represented  in  a  nested  structure. 

^^Nevertheless,  transformation  between  a  probability  and  possibility  measure  can  be  done  in  certain 
circumstances,  generally  with  some  information  loss  (c.f.,  [14]). 
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2.4  Uncertainty  formalism  adopted  in  Influx 

Influx  is  intended  to  be  a  reasoning  system  dealing  with  imperfect  information  (and  knowl¬ 
edge).  Of  particular  interest  in  regard  to  the  anticipated  imperfection  are  incompleteness 
(and  thus,  imprecision)  (i.e.,  a  piece  of  information  is  not  sufficiently  specific  for  an  agent 
to  answer  a  relevant  question),  uncertainty  (i.e.,  a  piece  of  information  is  not  known  to  be 
true  or  false)  and  contradiction  (i.e.,  pieces  of  information  provided  from  different  sources 
can  be  contradicting).  Thus,  unlike  the  taxonomy  presented  in  Figure  1,  uncertainty  is  not 
considered  a  subtype  of  incompleteness  in  Influx.  Instead,  uncertainty  and  incomplete¬ 
ness,  together  with  contradiction,  characterise  a  more  general  notion  of  imperfectness.  To 
represent  and  reason  with  such  imperfect  information,  a  numerical  formalism  (specifically, 
D-S  theory)  is  adopted  as  the  theoretical  framework  for  the  development  of  reasoning 
capabilities  in  Influx. 

Though  the  Bayesian  formalism  is  convenient  and  efficient  in  tackling  uncertainty,  D-S 
theory  is  chosen  due  to  a  number  of  factors.  D-S  theory  provides  a  more  flexible  reasoning 
framework,  allowing  one  to  represent  forms  of  uncertainty  difficult  to  realise  within  the 
framework  of  probability  theory  (such  as  the  incompleteness/imprecision  of  information, 
besides  the  uncertainty) .  In  addition,  the  literature  of  evidential  reasoning  provides  a  large 
collection  of  DS-related  combination  rules  to  fuse  information  from  multiple  sources  most 
appropriately  for  the  situations  at  hand  (as  will  be  discussed  in  Section  3).  Indeed,  with 
an  ability  to  represent  all  forms  of  uncertainty,  from  total  ignorance  to  full  knowledge, 
a  DS-based  reasoning  tool  can  achieve  high  versatility  —  being  able  to  accommodate  a 
wider  range  of  applications  and  catering  for  various  reasoning  scenarios.  For  instance, 
D-S  theory,  in  principle,  allows  for  reasoning  using  belief  functions  in  situations  where 
only  partial  knowledge  is  available,  seamlessly  reducing  into  Bayesian  reasoning  when  full 
knowledge  is  available,  and  possibly  collapsing  into  standard  rule-based  inferencing  when 
such  a  form  of  reasoning  is  desired.  Ultimately,  each  of  these  reasoning  formalisms  (and 
possibly  others)  can  prevail  in  different  conditions  and  scenarios  —  it  is  highly  desirable 
to  have  at  one’s  disposal  a  unified  framework  capable  of  supporting  multiple  reasoning 
modalities  including  those  presented  above.  Our  decision  to  adopt  D-S  theory  as  a  basis 
for  representing  and  reasoning  with  uncertainty  is  driven  by  this  ultimate  vision. 

It  is  important  to  note  that  throughout  the  design  and  development  of  Influx,  various 
restrictions  on  the  expressiveness  of  the  D-S  calculus  have  been,  and  are  to  be,  made  in 
order  to  enhance  the  practicability  of  the  reasoning  tool.  In  this  aspect,  D-S  theory  offers 
one  the  freedom  to  flexibly  derive  and  apply  restrictions  that  best  suit  specific  goals  and 
scenarios. 
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3  Preliminaries  of  the  Dempster-Shafer  theory 

This  section  is  devoted  to  a  brief  discussion  of  the  applied  aspect  of  D-S  theory  in  the 
context  of  information  fusion.  Recall  that  given  a  finite  frame  of  discernment  0  which 
captures  all  the  possible  and  mutually  exclusive  answers  for  a  problem  at  hand,  a  bpa  m  is 
a  primitive  function  that  allows  an  agent  to  express  its  present  state  of  belief  by  assigning 
belief  mass  to  various  propositions  A  such  that 

m:2®^  [0,1], 

m{A)  =  1,  and 

AC2® 

m(0)  =  0. 

Generally,  not  every  subset  A  of  0  would  receive  a  non-zero  belief  assignment.  When 
A  C  0  and  m(A)  >  0,  A  is  referred  to  as  a  focal  set.  Bpas  may  be  described  according  to 
their  focal  sets.  More  specifically,  a  bpa  m  is  said  to  be: 

•  vacuous,  if  m(0)  =  1  (which  represents  the  agent’s  state  of  total  ignorance); 

•  dogmatic,  if  0  is  not  a  focal  set; 

•  simple,  if  it  has  at  most  two  focal  sets,  including  0; 

•  dichotomous,  if  it  has  at  most  three  focal  sets  (A,  A  and  0); 

•  categorical,  if  it  is  simple  and  dogmatic; 

•  normal,  if  0  is  not  a  focal  set,  and  subnormal  otherwise; 

•  consonant,  if  all  its  focal  sets  Ai, ...,  Atv  are  nested:  0  C  Ai  C  ...  C  A^r  C  0;  and 

•  Bayesian,  if  all  of  its  focal  sets  are  singletons:  m(A)  >  0  and  |A|  =  1. 

When  there  is  more  than  one  bpa  defined  on  the  same  frame  of  discernment,  their  effects 
need  to  be  combined.  Shafer  [46]  in  developing  the  theory  has  reformulated  Dempster’s 
rule  of  combination  (now  commonly  referred  to  as  the  Dempster-Shafer,  or  D-S  rule)  to 
combine  evidence,  provided  that  the  bpas  being  combined  are  induced  by  distinct  and 
independent  pieces  of  evidence. 

In  many  real-world  applications  dealing  with  uncertainty,  the  reliability  of  information  is 
often  enhanced  by  means  of  collecting  relevant  pieces  of  information,  often  with  varying 
degrees  of  certainty,  from  multiple  sources,  necessitating  the  availability  of  methods  to 
aggregate  the  beliefs,  each  associated  with  each  piece  of  information.  In  this  aspect,  the 
D-S  rule  has  turned  out  to  be  very  useful,  and  thus  has  been  widely  investigated  in  the 
field  of  information  fusion  to  address  multiple  facets  of  uncertainty.  Using  the  D-S  rule  to 
combine  an  agent’s  present  state  of  belief  (expressed  in  mi)  with  a  specific  state  of  belief 
induced  by  a  new  piece  of  evidence  (expressed  in  m2)  allows  the  agent’s  state  of  belief  to 
be  updated  in  light  of  the  new  evidence.  Similarly,  fusing  a  number  of  ‘uncertain’  opinions 
from  independent  experts  is  likely  to  provide  a  more  trustworthy  answer  for  a  problem  of 
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interest,  and  combining  various  ‘incomplete’  pieces  of  knowledge  would  potentially  yield 
a  more  ‘complete’  piece  of  knowledge  about  a  situation. 

In  the  framework  of  D-S  theory,  combining  independent  beliefs  pertaining  to  the  same 
piece  of  information  is  usually  carried  out  through  an  aggregation  of  the  corresponding 
bpas  that  describe  them.  Let  mi  and  m2  be  the  two  bpas  to  be  combined,  the  combined 
bpa  mi  (8)  m2  (or  mu)  is  computed  using  the  D-S  rule  as  follows 

fnui^)  =  0  and  VA  G  2®\0  : 

^  ^  mi{B)m2{C).  (14) 

B,Ce2©,BnC=A 

where  the  conflict  mass  K  is: 

Ku  =  mi2(0)  =  ^  mi{B)m2{C) 

s,Ce2e,BnC=0 

In  the  above  formula,  K  represents  a  basic  probability  mass  associated  with  conflicts 
among  the  sources  of  evidence  (which  are  mi  and  m2  in  this  example).  If  Ku  is  close  to 
zero,  the  bpas  are  not  in  conflict,  whereas  if  Ku  is  close  to  1,  the  bpas  are  in  conflict. 
When  Ku  =  1,  the  bpas  are  said  to  be  in  total  conflict  and  thus  non-combinable.  Eq. 
(14)  is  also  referred  to  as  an  ‘orthogonal  sum’  due  to  the  way  it  combines  belief  masses 
provided  by  the  evidence.  Example  5  presents  a  simple  application  of  the  D-S  rule  to 
information  fusion,  while  Figure  3  graphically  illustrates  the  combination  process. 

Example  5:  Let  0  =  {virusAi,  virusA2i  vKusb},  and  the  bpas  mi,  m2 
provided  by  the  two  independent  sensors  1  and  2  be  as  follows: 

mi{{virusAi})=0-^,  mi{{virusB})=0-5,  mi(0)=O.2,  and 
m2{{virusAi,  virusA2})=0-7,  m2(0)=O.3. 

In  this  example,  {virus ai}  and  {virus b}  are  focal  elements  of  mi  while 
{virus Ai,  virus A2}  is  the  only  focal  element  of  m2.  The  information  provided 
by  sensors  1  and  2  are  both  uncertain  and  incomplete  (the  type  of  information 
that  a  Bayesian  formalism  would  find  difficult  to  represent  in  an  adequate  man¬ 
ner).  In  particular,  the  information  provided  by  sensor  2  illustrates  a  typical 
scenario  where  the  sensor  can  predict  that  the  virus  is  much  more  likely  to  be 
of  type  A  (rather  than  type  B),  but  is  incapable  of  detecting  the  specific  virus. 


Bringing  together  the  effect  of  mi  and  m2  on 

0  (see  Figure  3),  the  combined 

bpa  mi2  produced  by  an  application  of  the  D-S 

I  rule  clearly  indicates  a  support 

for  {virus Ai}  as  the  possible  answer: 

mi2({mrnsAi}) 

=  0.46, 

mui{vi'r'usB}) 

=  0.23, 

mu{{virusAi,  virus A2}) 

=  0.22, 

mu{&) 

=  0.09; 
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The  D-S  rule  also  possesses  attractive  algebraic  properties:  it  is  both  associative  (mi  (8) 
(m2  (8>  m3)  =  (mi  ®  m2)  (8>  m3))  and  commutative  (mi  (8)  m2  =  m2  <8)  mi).  This  means 
that  the  combination  process  for  a  large  number  of  bpas  is  not  required  to  be  computed 
at  once  (batch),  but  can  be  conducted  in  a  sequential,  incremental  and  local  manner. 


dedicatod  JO  '■  ■  *'/\2  I  =  (”.411 


Figure  3:  A  graphical  representation  of  the  orthogonal  sum  in  Example  5  where  {u^i}, 
{vA2}  and  {vb}  correspond  to  {virusAi},  {virusA2}  and  {viruss},  respectively. 


Frame  coarsenings  and  refinements  In  situations  where  the  elements  in  a  frame 
of  discernment  0  are  not  specific  enough  to  deal  with  the  problem  at  hand,  0  can  be 
transformed  into  a  more  refined  frame  U  using  the  following  mapping  rules: 

w  :  2®  ^  2^, 

AA)  =  U  u,({()})  (15) 

e&A 

where  the  sets  u)({0})  constitute  a  disjoint  partition  of  U.  Shafer  [46]  called  such  a  mapping 
u)  a  refining,  D  a  refinement  of  0,  and  0  a  coarsening  of  D.  In  a  similar  fashion,  it  is 
possible  to  derive  a  finer  or  coarser  bpa  by  discerning  a  bpa  on  D  or  0  (w  :  2®  — )•  2^) 
using  the  following  formulas: 

mfi(w(A))  =  m0(A),  VA  C  0, 

me{A)  =  ^  m{B)  (16) 

sen, 

A=u{B) 
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Example  6:  Given  the  frame  of  discernment  0  =  {virus ai,  virus A2,vi‘f'usB} 
and  the  following  bpa  expressed  on  0: 

meiivirusAi})  = 

mei{virusA2})  = 

meiivirusB})  = 


let  us  define  the  two  following  refinings  </>  and  ui  as 

a;  :  2®  ^  2^, 

uj{{virusAi})  =  {virusAi}, 
uj{{virusA2}) 
ijj{{virusB}) 


{virusA2], 

{virus Bi,  virus B2}-, 


^  .  2'f  ^  2®, 

(j){{virus a})  =  {virus Ai,  virus A2}- 
({){{virusB})  =  {virusB}- 


The  refinement  of  0  resulting  from  the  application  of  the  rehning  a;  to  0  is 

D  =  {virus  Ai,virusA2,virusBi-,virusB2}-, 

and  the  coarsening  of  0  according  to  the  refining  (p  is 

$  =  {virus A,  virus b{- 

Likewise,  the  bpa  m©  can  be  discerned  on  <h  and  D  (using  Eq.  (15))  as  follows 

mq>{{virusA})  = 
m<^{{virusB})  = 
m^{{virusAi})  = 
mQ{{virusA2})  = 
mn{{virusBi,  virus b2})  = 

In  general,  a  bpa  associated  with  a  frame  of  discernment  is  not  a  Bayesian  bpa  as  rep¬ 
resented  in  the  above  example,  and  thus  performing  frame  coarsening  or  refinement  can 
inevitably  result  in  a  certain  degree  of  information  loss. 

Despite  its  popularity  and  appealing  features,  the  D-S  rule  has  received  a  number  of 
concerns  and  criticisms  regarding  its  practical  usage.  A  compilation  of  such  concerns 
include: 

•  the  produced  results  may  be  counter-intuitive  in  the  case  of  very  highly  conflicting 
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evidence, 

•  the  potentially  high  computational  complexity  associated  with  the  D-S  rule, 

•  the  bodies  of  evidence  involved  in  the  combination  are  required  to  be  distinct  and 
independent,  and 

•  all  the  sources  of  evidence  (e.g.,  sensors)  are  assumed  to  be  reliable. 

The  sections  that  follow  discuss  and  address  these  concerns. 


3.1  Combination  of  highly  conflicting  evidence 

A  well-known  criticism  of  the  D-S  rule  is  by  Zadeh  [69,  70,  71]  who  states  that  the  rule 
yields  counter-intuitive  results  when  dealing  with  highly  conflicting  pieces  of  evidence.  For 
instance,  fusing  the  two  bpas  mi  and  m2  (given  by  two  independent  experts)  using  the 
D-S  rule,  one  would  obtain  the  combined  bpa  mi2  as  illustrated  in  Table  3.  According  to 


mi 

m2 

mi2 

{virus  Ai} 

0.9 

0.0 

0.0 

{virusA2} 

0.0 

0.9 

0.0 

{viruss} 

0.1 

0.1 

1.0 

0 

0.0 

0.0 

0.0 

Table  3:  An  example  combination  of  highly  conflicting  dogmatic  bpas  using  the  D-S  rule. 

Zadeh,  this  fusion  result  is  counter-intuitive  because  it  provides  strong  support  for  virus b 
which  is  considered  the  least  likely  cause  by  both  the  experts. 

Mathematically,  this  seemingly  counter-intuitive  result  is  directly  caused  by  the  com¬ 
bination  of  the  assignment  of  zero  values  to  mi{virusA2}  and  m2{virusAi}  (which  in 
effect  completely  eliminates  {virus A2}  and  {virus ai}  as  possible  answers)  and  the  use  of 
Bayesian  belief  functions.  Thus,  a  more  careful  examination  of  the  illustrated  example 
would  reveal  that  this  is  more  a  problem  pertaining  to  general  probabilistic  analysis,  ren¬ 
dering  itself  a  fairly  unfair  judgement  of  the  D-S  rule  [25].  Nevertheless,  the  problem  can 
be  explained  and/or  addressed  along  two  main  directions.  On  the  one  hand,  if  one  looks 
for  consensus  among  evidence,  this  result  is  indeed  not  counter-intuitive  (i.e.,  the  result 
indicates  that  virusB  is  the  hypothesis  that  both  sources  of  evidence  agree  upon).  On 
the  other  hand,  such  counter-intuitive  results  (if  indeed  they  are)  would  be  resolved  if  one 
does  not  assume  the  full  reliability  of  the  experts’  knowledge.  For  instance,  if  one  assigns 
a  very  small  value  e  (say,  0.01)  to  0,  the  result  given  by  the  D-S  rule  is  no  longer  counter¬ 
intuitive  as  illustrated  in  Table  4  (a  deeper  treatment  of  this  issue  can  be  consulted  at 
[25,  4]). 

Such  an  e  value  is  utilised  in  the  implementation  of  Influxi  in  order  to  avoid  having 
unexpected  results  in  cases  where  the  aforementioned  situation  arises.  Since  it  is  plausible 
in  practice  to  assume  that  the  belief  for  a  proposition  provided  by  an  expert  is  often 
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mi 

m2 

mi2 

{virusAi} 

0.9 

0.0 

0.32 

{virus  A2} 

0.0 

0.9 

0.32 

{virusB} 

0.09 

0.09 

0.35 

0 

0.01 

0.01 

0.01 

Table 


An  example  combination  of  highly  conflicting  non-dogmatic  bpas  using  the  D-S 
rule  and  e. 


not  fully  reliable,  and  the  measurements  given  by  a  sensor  are  not  totally  precise,  the 
assignment  of  e  to  0  is  justified. 

Furthermore,  depending  on  the  specific  applications  and  problems  at  hand,  other  combi¬ 
nation  rules  can  be  utilised  that  offer  different  strategies  to  deal  with  highly  conflicting 
evidence,  e.g.,  allocating  conflicting  mass  to  disjunctive  propositions  when  the  informa¬ 
tion  sources  are  assumed  to  be  unreliable  (as  in  disjunctive  rules)  or  simply  assigning  it 
to  the  empty  set  to  indicate  the  fact  that  the  answer  for  a  problem  may  lie  outside  those 
captured  in  the  current  frame  of  discernment  (as  in  the  unnormalised  conjunctive  rule). 
To  this  end,  a  collection  of  such  combination  rules  has  been  implemented  in  Influxi  which 
allows  users  to  resolve  the  problem  of  highly  conflicting  information  in  a  most  intuitive 
and  appropriate  way. 


3.2  Computational  complexity 

As  mentioned  in  Section  2.2,  a  major  criticism  of  D-S  models  is  their  high  computational 
complexity  —  dealing  with  subsets  of  0  rather  than  elements  of  0.  Therefore,  the  com¬ 
putational  complexity  is  exponential  to  the  size  of  the  frame  of  discernment.  Combining 
multiple  pieces  of  evidence  expressed  on  a  large  frame  of  discernment  is  often  intractable. 
Researchers  have  attempted  to  tackle  this  problem  along  the  following  dimensions:  (i) 
cutting  down  the  number  of  focal  elements  involved  in  the  combination,  (ii)  reducing  the 
size  of  the  frame  of  discernment,  and  (iii)  imposing  certain  restrictions  on  the  discernment 
space,  thereby  allowing  the  devising  of  combination  algorithms  with  lower  computational 
complexity.  Methods  in  the  three  mentioned  categories  are  elaborated  further  in  the  fol¬ 
lowing  sections. 

Other  approaches  also  exist  that  are  not  concerned  with  the  size  of  the  frame  of  discern¬ 
ment  or  the  structure  of  the  discernment  space,  but  adopts  specihc  techniques  to  reduce 
the  time  associated  with  the  combination  process.  Techniques  adopted  in  such  approaches 
include  the  Monte-Carlo  algorithm  (the  combined  beliefs  are  estimated  by  means  of  ran¬ 
dom  sampling  of  the  possible  values  of  the  mass  functions  to  be  combined)  [61,  62],  the 
Fast  Mobius  Transform  (fast  transform  between  different  types  of  belief  functions  is  per¬ 
formed,  allowing  for  beliefs  being  combined  in  their  most  convenient  form)  [29],  efficient  set 
representation  and  operations  (the  computational  complexity  of  the  combination  process 
is  reduced  due  to  a  novel  representation  of  focal  elements  using  techniques  from  finite  set 
theory)  [37]  and  resource-bounded  schemes  (beliefs  are  combined  in  a  progressive  manner 


UNCLASSIFIED 


19 


DST  Group-TR-3142 


UNCLASSIFIED 


so  that  the  achieved  accuracy  of  the  result  is  proportional  to  the  resource  (time)  available 
for  the  combination  process)  [23,  21]. 


3.2.1  Reducing  the  number  of  focal  elements 

As  the  possible  number  of  focal  elements  in  a  bpa  can  be  up  to  2"'  (where  n  is  the  size  of  the 
frame  of  discernment),  reducing  the  number  of  focal  elements  in  the  bpas  can  significantly 
reduce  the  amount  of  computation  required.  Approaches  pertaining  to  this  category  in¬ 
clude  the  Bayesian  approximation  [59],  K-l-x  [57],  summarisation  [32],  D1  approximation 
[2],  and  inner  and  outer  clustering  [6]  methods.  While  the  Bayesian  approximation  method 
reduces  a  given  bpa  to  a  probability  distribution,  the  other  methods  focus  on  producing  a 
modified  bpa  which  satisfies  pre-defined  constraints  specified  on  the  mass  value  of  the  focal 
elements.  As  a  consequence,  the  K-l-x,  summarisation,  D1  approximation,  and  inner  and 
outer  clustering  methods  are  data-driven  (i.e.,  the  outcomes  are  determined  by  the  actual 
mass  values  assigned  to  a  bpa).  The  Bayesian  approximation  method,  in  contrast,  allows 
the  resulting  focal  elements  to  be  partly  determined  beforehand.  An  empirical  study  of 
many  of  these  approaches  can  be  found  in  [2] . 


3.2.2  Reducing  the  size  of  the  frame  of  discernment 

An  alternative  approach  to  reduce  the  number  of  focal  elements  is  to  partition  the  frame 
of  discernment  into  another  frame  with  smaller  size  using  techniques  related  to  frame 
coarsening  as  presented  above.  Since  it  is  common  for  a  bpa  expressed  on  0  to  include 
focal  elements  that  are  not  discerned  by  U,  coarsening  a  frame  of  discernment  generally 
results  in  some  degree  of  information  loss.  To  this  end,  multiple  attempts  have  been  made 
to  devise  algorithms  capable  of  producing  a  coarsened  frame  of  discernment  from  a  set  of 
bpas  with  minimal  information  loss.  More  details  about  coarsening  a  frame  of  discernment 
can  be  found  at  [66]. 


3.2.3  Utilising  efficient  algorithms  to  combine  evidence 

Evidence  combination  algorithms  with  reduced  computational  complexity  have  been  in¬ 
vestigated.  In  particular,  Barnett  [1],  Gorden  and  Shortliffe  [20],  Shafer  and  Logan  [47] 
devised  algorithms  that  achieve  linear  computational  complexity,  with  certain  assumptions 
imposed  on  the  set  of  bpas  involved  in  the  combination.  Barnett’s  algorithm  assumes  that 
only  evidence  for  singleton  hypotheses  in  a  frame  of  discernment  is  collected,  while  the 
Gorden-Shortliffe  and  Shafer-Logan  algorithms  do  not  enforce  such  a  restriction,  but  re¬ 
quire  the  evidence  to  have  a  hierarchical  structure  as  illustrated  in  Figure  4.  In  all  three 
approaches,  a  bpa  reported  by  a  sensor  is  required  to  be  in  the  form  of  a  simple  or  di¬ 
chotomous  bpa. 


Barnett’s  algorithm  Barnett’s  algorithm  combines  pieces  of  evidence  collected  for  the 
singleton  hypotheses  in  a  frame  of  discernment.  In  this  algorithm,  the  evidence  provided 
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by  each  sensor  is  required  to  be  in  the  form  of  a  simple  or  dichotomous  bpa.  For  instance, 
given  0  =  {virusAi,virusA2,virusBi,virusB2},  and  mi,  m2,  m3  defined  on  0  as: 

mi{{virus  Ai})  =  0.2,  mi  (0)  =  0.8 

m2{{virus  A2})  =  O.6,m2(0)  =  0.4 

m‘i{{virus  Bi})  =  0.3,  msdufrttssi})  =  O.2,m3(0)  =  0.5 

(please  note  that  {virusAi}  =  {virus A2,virusBi-,virusB2}  and  {virusBi}  =  {virusAi,vi- 
rusA2,  virus B2})-  Here,  mi  and  m2  are  referred  to  as  simple  bpas,  and  m3  as  a  dichoto¬ 
mous  bpa^^.  Barnett’s  algorithm  includes  mathematical  formulas  for  the  combination  of 
these  simple  and  dichotomous  bpas  in  linear  time.  Details  of  Barnett’s  algorithm  are 
described  in  [1]. 


The  Gorden-ShortlifFe  algorithm  Gorden  and  Shortliffe  [20]  proposed  an  approxi¬ 
mation  algorithm  to  compute  belief  values  for  the  propositions  defined  in  a  hierarchical 
space.  A  major  shortcoming  of  Barnett’s  algorithm  is  that  it  is  only  capable  of  combining 
pieces  of  evidence  bearing  on  the  singleton  propositions  dehned  in  a  frame  of  discernment. 
Gorden  and  Shortliffe  aimed  to  improve  on  Barnett’s  algorithm  by  allowing  pieces  of  evi¬ 
dence  associated  with  both  singleton  propositions  and  (some)  disjunctive  propositions  to 
be  involved  in  the  combination.  This  can  be  done  by  having  the  relevant  discernment 
space  be  represented  in  a  strict  hierarchical  structure.  For  example,  a  full  graphical  repre¬ 
sentation  of  the  discernment  space  (i.e.,  2®)  of  0  =  {vai,va2,vbi,vb2}  is  given  in  Figure 
2.  According  to  Gorden  and  Shortliffe,  not  all  the  subsets  in  the  structure  are  semantically 
meaningful  in  a  particular  context.  As  such,  those  subsets  that  are  not  considered  semanti¬ 
cally  meaningful  should  be  pruned  from  the  structure.  In  the  above  example,  subsets  such 
as  {vai,va2,vbi},  {vai,va2,vb2},  {vai,vbi,vb2},  {va2,vbi,vb2},  {vai.vbi},  {vai,vb2}, 
{va2-,vbi},  and  {va2,vb2}  can  be  considered  as  not  carrying  meaningful  semantics  and 
thus  should  be  discarded,  resulting  in  a  tree-form  discernment  space  illustrated  in  Figure 
4. 

Figure  4-'  A  hierarchical  structure  of  subsets  of  Q  where  {va}  =  {vai,va2}  and  {vb{  = 
{vbi,vb2]- 

The  Gorden-Shortliffe  algorithm  is  an  approximation  in  the  sense  that  only  nodes  in  the 
tree  may  have  a  non-zero  mass  value;  a  non-zero  mass  value  for  any  subset  that  is  not 
represented  in  the  tree  will  be  assigned  to  its  smallest  superset  that  exists  in  the  tree. 
Details  of  the  Gorden-Shortliffe  algorithm  are  given  in  [20]. 


The  Shafer-Logan  algorithm  Shafer  and  Logan  have  identified  a  few  disadvantages 
of  the  Gordon-Shortliffe  approximation  algorithm.  The  disadvantages  include:  (i)  the 
Gordon-Shortliffe  algorithm  produces  a  low-quality  result  when  the  degree  of  conflict 
among  the  pieces  of  evidence  is  high,  (ii)  the  algorithm  is  not  capable  of  computing  the 
degree  of  belief  for  the  negation  of  a  proposition,  and  thus  (iii)  the  algorithm  is  not  capable 

the  terminology  used  by  Shafer  [4G],  a  simple  bpa  corresponds  to  a  simple  support  function,  while 
a  dichotomous  bpa  corresponds  to  a  simple  separable  support  function. 
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of  computing  a  plausibility  value  for  the  proposition. 

Rejecting  the  need  for  an  approximation  algorithm,  Shafer  and  Logan  proposed  an  algo¬ 
rithm  for  the  exact  computation  of  belief  values  for  the  propositions.  Even  though  the 
tree  of  propositions  in  the  Shafer-Logan  algorithm  is  constructed  in  a  manner  similar  to 
the  method  used  in  the  Gorden-Shortliffe  algorithm,  the  propositions  for  which  their  algo¬ 
rithm  is  capable  of  computing  belief  values  are  not  limited  to  those  explicitly  represented 
in  the  tree.  Details  of  the  Shafer-Logan  algorithm  are  given  in  [47]. 

The  algorithms  presented  above  assume  a  fixed  global  frame  of  discernment,  and  involve 
two  phases  of  computation  (top-down  and  bottom- up),  and  thus  are  not  well  suited  to 
implementation  in  Influxi.  However  as  will  be  discussed  in  subsequent  sections,  various 
ideas  investigated  from  the  mentioned  work  have  been  capitalised  in  Influxi  to  tackle  the 
problem  of  computational  complexity  associated  with  belief  combination  such  as  the  adop¬ 
tion  of  simplihed  forms  of  bpas,  the  utilisation  of  coarsened  (specihcally,  binary)  frames 
of  discernment,  and  the  implementation  of  only  the  relevant  portion  of  the  discernment 
space.  Generalisation  of  the  Shafer-Logan  algorithm  is  also  studied  in  the  context  of  valu¬ 
ation  networks  [3,  53,  54]  and  investigated  further  in  the  framework  of  transferable  belief 
model  (TBM)  in  the  form  of  directed  evidential  networks  [64,  67].  Valuation  networks  and 
directed  evidential  networks  will  be  discussed  in  the  document  devoted  to  a  description  of 
Influx2 . 


3.3  Unreliability  of  sources  of  evidence 

By  default,  sources  of  evidence  are  treated  equally  by  a  combination  rule  (i.e.,  the  sources 
are  assumed  to  be  equally  reliable).  This  is  not  a  valid  assumption  in  practical  applications, 
especially  those  for  which  Influxi  is  intended.  Some  examples  of  this  include: 


•  evidence  provided  by  local/host  sensors  is  more  reliable  than  that  provided  by  re¬ 
mote/network  sensors; 

•  sensors  installed  at  different  locations  have  different  degrees  of  reliability  since  they 
capture  different  sets  of  raw  data;  and 

•  sensors  vary  in  their  ability  to  capture  data  and  generate  relevant  information  (e.g., 
active  sensors  may  be  more  reliable  than  passive  sensors  in  detecting  whether  there 
is  a  device  at  a  certain  address). 

If  an  unreliability  rate  for  a  sensor  can  be  determined  before  it  is  used,  it  can  be  incor¬ 
porated  into  the  bpa  reported  by  the  sensor  before  the  combination  process  commences. 
This  can  be  done  via  the  use  of  a  discounting  method  or  importance  weight. 

Based  on  a  given  unreliability  rate,  a  discounting  method  in  general  decreases  the  mass 
of  the  focal  elements,  increasing  ignorance.  Various  discounting  methods  exist,  the  most 
popular  one  proposed  by  Shafer  [46]  is  given  as: 

m*(A)  =  tm(A),  VA  C  D  (17) 

m*  (D)  =  1  —  t  +  tm{Q) 
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where  t  (0  <  t  <  1)  is  the  unreliability  rate  of  the  source. 

While  a  discounting  method  is  quite  efficient  in  reducing  the  impact  of  a  piece  of  evi¬ 
dence  produced  by  a  sensor  across  all  propositions,  the  method  is  not  suitable  where  the 
reliability  of  a  sensor  varies  according  to  specific  propositions  defined  in  the  frame  of  dis¬ 
cernment.  In  such  a  situation,  a  more  appropriate  method  is  to  adjust  the  impact  of  a 
piece  of  evidence  on  individual  propositions.  Using  a  so-called  importance  weight,  one  can 
specify  the  reliability  of  a  sensor  for  each  proposition  in  the  frame  of  discernment  (e.g., 
sensor  A  is  twice  as  reliable  as  sensor  B  in  detecting  proposition  X,  but  is  half  as  reliable 
as  sensor  B  in  detecting  proposition  Y).  Fan  and  Zuo  provide  a  full  description  of  the  use 
of  an  importance  weight  in  [16]. 

If  an  unreliability  rate  cannot  be  determined  beforehand  (or  if  it  is  too  hard  to  do  so) ,  it  can 
be  estimated  in  real-time  based  on  the  degree  of  conflict  among  pieces  of  evidence  provided 
by  the  sensors.  Dynamic  detection  of  the  reliability  of  sensors  has  been  studied  by  several 
research  groups.  These  research  groups  share  the  view  that  a  high  degree  of  conflict  among 
pieces  of  evidence  indicates  unreliability  of  the  sources  of  evidence,  and  that  the  sources 
that  provide  conflicting  evidence  should  be  considered  unreliable  and  therefore  should  be 
discarded.  This  view  is  not  valid  in  the  context  of  Influxi  where  conflicting  information 
is  actually  of  interest  and  should  be  investigated  rather  than  discarded.  For  this  reason, 
while  various  discounting  methods  have  been  implemented  in  Influxi ,  dynamic  estimation 
of  the  reliability  of  sensors  is  not  currently  considered  for  implementation. 


3.4  Independent  evidence  assumption  and  conflict  distribu¬ 
tion 

The  D-S  rule  requires  pieces  of  evidence  (in  the  form  of  belief  functions)  being  combined 
to  be  distinct /independent.  In  addition,  when  pieces  of  evidence  to  be  combined  are 
conflicting,  the  D-S  rule  manages  the  situation  by  distributing  the  conflicting  mass  (i.e., 
the  mass  of  the  empty  set)  proportionally  to  the  focal  sets.  Such  a  conflict  management 
scheme  may  not  be  ideal  for  all  contexts.  For  this  reason,  studies  have  been  carried  out 
which  attempt  to  lift  the  independence  assumption  imposed  on  the  pieces  of  evidence  as 
well  as  to  offer  various  ways  to  manage  conflict,  resulting  in  the  numerous  DS-related 
combination  rules  that  can  be  found  in  the  literature. 

Tables  5  and  6  summarise  a  collection  of  combination  rules  studied  in  the  literature,  with 
the  following  desirable  algebraic  characteristics: 

•  Commutativity:  Vmi,  Vm2  :  mi  ®  m2=  m2  <8>  mi 

Commutativity  implies  that  the  order  in  which  the  evidence  is  combined  does  not 
affect  the  final  result. 

•  Associativity:  Vmi,Vm2,Vm3:  {mi  0  m2)  0  m3=  mi  0  {m2  0  m3) 

Associativity  allows  for  (order-independent)  pairwise  computation,  enabling  local 
computation. 

•  Quasi-associativity:  Associativity  that  is  achieved  by  preserving  certain  interme¬ 
diate  results  throughout  the  combination  process. 
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Rule 

Formula 

Comm. 

Asso. 

Quasi-asso. 

Idemp. 

Conjunctive  [51] 

"^12  ("4)  =  ^  mi(R)m2(C) 

s,ce2©, 

BnC=A 

C/2 

CD 

C/2 

o; 

D-S  [46] 

1  —  Ki2  ^  ^ 

BnC=A 

c/2 

cc 

Disjnnctive  [  0] 

^-12  (-4)  =  ^  mi{B)m2{C) 

S,CG2©, 

BUC=A 

C/2 

CD 

c/2 

o; 

Yager’s  [65] 

m][20  =  "2-i(©)w.2(0)  +  ^  mi{B)m2{C) 

B,CG2®, 

snc=0 

^  mi{B)m2{C) 

S,CG20, 

snC=A 

c/2 

C/2 

Averaging  [35] 

^  [mi  (A)  +  m2  (A)] 

C/2 

CD 

C/2 

CD 

Dnbois-Prade  [1  ] 

"ii2^("4)=  ^2  '>^i{B)m2{C)+ 

B,Ce2©, 

snc=A 

mi(i?)m2(C) 

B,CG2®, 

SuC=A,BnC=0 

c/2 

CD 

C/2 

CD 

Table  5:  Combination  rules  and  their  algebraie  eharacteristics. 
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Rule 

Formula 

Comm. 

Asso. 

Quasi-asso. 

Idemp. 

PCR5  [48] 

mff  “(A)  = 

se20, 

snA=0 

I"  mi{A)‘^m2{B)  ^  m2{A)‘^mi{B)  ] 

C/2 

CD 

C/2 

CD 

[mi{A)  +  m2iB)  '  m2{A)+mi{B)\ 

Cumulative  [28] 

For  mi(0)  7^  0  V  m2(0)  7^  0: 

r  mciA)= 

J  /  mi(©)+m2f©)— mi(©)m2(©)  ’ 

L  C\  )  mi(0)+m2(©)— mi(©)m2(0) 

for  mi(0)  =  0  A  m2(0)  =  0: 

f  mc(A)  =  7^mi (A)  +  7^7712 (A), 

\  mc{&)  =  0 

where 

(  1  r  m2(0) 

1  7  —  iimmj(©)_^o,m2(0)^-O  mj(e)+m2(©)  ■ 

1  2  r  mi(0) 

7  —  iimmj(©)_^o,m2(0)-5-O  mi(0)+m2(0) 

c/2 

CC 

Cautious  [7] 

mim2  =  n 

Ac0 

where 

'w^12(A)  =  rri(A)  A  W2iA),A  £  2®\0 

and 

A\  —  )  nsDA,|fl|e2Ar'?(")  '  ' 

1  Otherwise. 

C/2 

CD 

C/2 

o; 

C/2 

CD 

Table  6:  Combination  rules  and  their  algebraic  characteristics  (continue  from  Table  5). 
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•  Idempotence:  Vmi:  mi  ®mi=  mi 

Idempotence  is  important  where  there  is  non-distinct  evidence  since  it  prevents  a 
combination  rule  from  counting  a  piece  of  elementary  evidence  more  than  once. 

The  collection  of  combination  rules  can  be  analysed  from  a  number  of  perspectives: 

•  With  regards  to  the  reliability  of  sources,  most  of  the  rules  are  based  on  two  fun¬ 
damental  rules:  the  conjunctive  rule  (including  the  open-world  conjunctive  rule  and 
closed-world  D-S  rule)  and  the  disjunctive  rule.  A  conjunctive  rule  looks  for  consen¬ 
sus  between  given  bpas  where  the  sources  are  sufficiently  reliable,  and  a  disjunctive 
rule  tends  to  average  out  all  the  given  information  and  should  be  used  when  not  all 
the  sources  are  reliable  (e.g.,  one,  or  probably  more,  sources  may  be  unreliable  but 
one  does  not  know  which  one). 

Here,  one  combination  rule  that  is  worth  noticing  is  the  cumulative  rule  which  does 
not  strictly  belong  to  either  the  conjunctive  or  disjunctive  category.  The  rule  forms 
its  own  category;  that  is,  the  rule  is  applicable  in  situations  where  the  pieces  of 
evidence  are  distinct  and  independent  but  come  from  identical  sources.  In  this  case, 
the  evidence  is  said  to  be  combined  in  a  cumulative  fashion. 

•  In  terms  of  conflict  management,  the  different  combination  rules  can  be  distinguished 
in  particular  according  to  the  way  they  distribute  conflict  mass.  Two  main  cate¬ 
gories  can  be  discerned:  redistribution  of  global  conflict  mass  (such  as  the  D-S  and 
Yager’s  combination  rules)  and  redistribution  of  the  partial  conflict  mass  (such  as 
the  Dubois-Prade  and  PCR5  combination  rules).  For  instance,  the  D-S  and  Yager’s 
rules  distribute  the  global  conflict  mass  (the  conflict  mass  between  all  the  focal  sets, 
if  any,  of  the  two  combined  bpas)  to  the  focal  sets  and  to  the  empty  set,  respectively. 
Unlike  the  D-S  and  Yager’s  rules,  the  Dubous-Prade  and  PCR5  rules  distribute  the 
partial  conflict  mass  (between  a  group  of  focal  sets)  to  the  relevant  subsets,  and  thus 
are  supposed  to  be  more  precise  when  consideration  of  conflict  is  a  focus. 

•  With  respect  to  the  types  of  evidence  to  be  combined,  the  combination  rules  can 
also  be  discriminated  based  on  the  independence/dependence  restriction  imposed  on 
the  evidence.  More  specifically,  the  conjunctive,  D-S,  Yager’s,  Dubois-Prade,  PCR5 
and  disjunctive  rules  assume  the  pieces  of  evidence  to  be  combined  are  distinct  and 
independent.  Whereas  for  the  averaging  and  cautious  rules,  pieces  of  evidence  are 
required  to  be  non-independent.  To  be  able  to  deal  with  bodies  of  evidence  that  are 
not  distinct  and  independent,  the  latter  group  of  rules  share  one  common  algebraic 
property:  they  are  all  idempotent,  preventing  themselves  from  counting  a  piece  of 
elementary  evidence  more  than  once. 

Generally,  the  majority  of  combination  rules  discussed  in  the  literature  are  sensitive  to 
the  independence/dependence  assumption  of  evidence:  applying  an  unsuitable  combina¬ 
tion  rule  to  fuse  evidence  can  yield  inaccurate  results.  We  have  conducted  an  empirical 
comparison  of  the  collection  of  combination  rules  presented  in  Tables  5  and  6.  In  general, 
the  experimental  results  demonstrate  the  adequacy  of  the  D-S  rule  as  a  combination  (or 
fusion)  operator  to  fuse  independent  pieces  of  evidence  in  various  circumstances.  More 
particularly,  when  receiving  an  appropriate  treatment  for  dealing  with  highly  conflicting 
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evidence,  the  D-S  rule  exhibits  behaviour  similar  to  that  of  the  proposed  alternatives  while 
maintaining  mathematical  simplicity  and  possessing  highly-desirable  characteristics  such 
as  commutativity  and  associativity. 
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4  The  reasoning  framework  for  Influxi 

D-S  theory  provides  a  mathematically  sound  approach  for  reasoning  in  situations  where  the 
information  may  be  uncertain  and  incomplete.  The  extent  to  which  the  theory  is  realised 
in  a  practical  setting  naturally  depends  on  the  goals  and  characteristics  of  the  specific 
reasoning  problem  to  be  addressed.  In  this  regard,  Influx  is  envisaged  to  be  a  reasoner 
handling  real-life  situations  where  the  knowledge  can  be  imperfect,  the  knowledge  base 
potentially  large  and  distributed,  and  efficiency  (among  other  qualities)  is  of  significant 
importance.  As  such,  complete  implementation  of  D-S  theory  is  not  a  prime  goal  in  the 
design  and  development  of  Influx;  rather,  the  theory  is  utilised  as  a  means  to  facilitate  the 
development  of  appropriate  mechanisms  to  represent  and  reason  with  uncertainty. 

Nevertheless,  realising  D-S  theory  in  practical  applications  is  not  straight-forward.  Despite 
its  rich  literature,  the  amount  of  research  work  devoted  to  the  application  of  D-S  theory 
is  fairly  modest  in  comparison  to  the  numerous  efforts  in  the  field  dedicated  to  theoretical 
work.  Two  main  reasons  for  this  may  be:  (i)  the  heavy  use  of  mathematical  notation 
in  the  majority  of  work  on  D-S  theory  has  hindered  practitioners  in  the  field  of  artificial 
intelligence,  and  (ii)  the  potentially  high  computational  complexity  associated  with  a 
straight-forward  implementation  of  the  D-S  rule  in  the  general  case  (being  exponential 
to  the  size  of  the  frame  of  discernment).  Due  to  the  latter  reason,  using  the  theory 
for  uncertain  reasoning  in  a  practical  context  often  necessitates  the  determination  of  an 
appropriate  balance  between  the  merits  of  the  theory  and  the  desired  properties  of  the 
reasoning  system  to  be  implemented.  To  this  end,  Influxi  aspires  to  achieve,  as  much  as 
possible,  the  desired  practical  objectives  while  capitalising  on  the  ideas  and  techniques 
offered  by  the  D-S  theory  where  suitable. 

We  have  developed  the  first  version  of  Influx,  Influxi,  a  simple  nonmonotonic  reasoning 
tool  and  framework  which  takes  advantage  of  the  D-S  formalism  to  represent  and  reason 
with  uncertainty.  Conceptually,  development  of  a  reasoning  framework  is  a  matter  of 

•  deciding  on  the  representation  of  the  relevant  concepts  {concept  representation), 

•  determining  the  representation  of  the  beliefs  associated  with  the  concepts  {belief 
representation), 

•  specifying  the  mechanisms  for  belief  combination,  should  there  be  more  than  one 
belief  pertaining  to  a  concept  {belief  combination),  and 

•  defining  the  relationships  between  concepts  which  allows  inferencing  across  the  con¬ 
cepts  to  be  carried  out  {belief  propagation). 

In  this  section  we  briefly  review  the  reasoning  framework  of  Influxi  from  such  perspectives. 
Please  note  that  design  decisions  and  techniques  pertaining  to  the  implementation  of 
Influxi  are  not  discussed  in  this  document. 

For  the  purpose  of  illustration,  Figure  5  graphically  depicts  a  simple  example  of  a  rule 
network  in  Influxi,  various  portions  of  which  will  be  referred  to  in  the  discussions  that 
follow.  Before  continuing  further,  it  is  important  to  clarify  some  of  the  concepts  and 
terminology  as  follows: 
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concept  rcprcseutat  ion 


;  ISr  IT'.r)) 
i  T epDump(X) 


(«/'  (P./’H  1 


Figure  5:  A  simple  rule  network  in  Influxi,  illustrating  concept  representation,  belief  rep¬ 
resentation,  belief  combination  and  belief  propagation.  In  this  figure,  (8>  and  A 
denote  the  ‘fusion’  and  ‘and’  operators,  respectively.  The  notation  A  will  be 
defined  in  Section  f.l.l. 

•  TcpDump{X),  Ping(X),  ComputerOn{X)  and  ClassifiedComputerOn{X)  are  re¬ 
ferred  to  as  propositions.  TcpDump{X)  denotes  the  proposition  that  ‘the  TcpDump 
sensor  observes  packets  from  computer  X’.  Similarly,  Ping{X)  denotes  the  propo¬ 
sition  that  ‘the  Ping  sensor  receives  responses  from  X’,  C omputerOn{X)  denotes 
the  proposition  that  ‘X  is  on’,  Classified{X)  denotes  the  proposition  that  ‘X  is 
classified’,  and  ClassifiedComputerOn{X)  denotes  the  proposition  that  ‘X  is  on 
and  classified’  whose  truth  value  reflects  the  belief  pertaining  to  C omputerOn{X)  A 
Classified{X).  Each  proposition  is  associated  with  a  binary  frame  of  discernment 
(BFoD),  e.g.,  T cpDump{X)  is  associated  with  P)t  =  {T,T}  and  Ping{X)  associated 
with  0p  =  {P,  P}. 

•  The  degree  of  certainty  regarding  the  truth  of  each  proposition  is  defined  in  the  form 
of  a  bpa  m,  e.g.,  mr,  mp  and  me  for  the  propositions  TcpDump{X),  Ping{X)  and 
C omputerOn{X) ,  respectively.  Such  a  bpa  expresses  the  belief  mass  assigned  to 
all  possible  states  of  a  proposition  (e.g.,  {T},  {T}  and  Op  =  {T,T}  in  the  case  of 
TcpDump{X)) .  For  example,  the  bpa  mp  shows  that  the  TcpDump  sensor  certainly 
observes  packets  from  X  {mp{T)  =  1).  Besides  bpas,  the  belief  for  a  proposition, 
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when  required,  can  be  represented  in  other  ways,  such  as  the  belief  function  Bel, 
the  plausibility  function  PI  and  the  pignistic  function  BetP.  The  pignistic  function 
BetP  provides  a  probabilistic  interpretation  of  the  belief  associated  with  a  piece  of 
knowledge  which  will  be  discussed  in  Section  4.2.  For  the  sake  of  simplicity,  when  the 
distinction  does  not  matter,  all  such  functions  (m,  Bel,  PI  and  BetP)  are  referred 
to  as  belief  functions  (or  simply  beliefs). 

•  Propositions  not  directly  observed  (e.g..  Computer On{X))  may  be  inferred  from 
related  propositions  whose  belief  may  be  known  (e.g.,  TcpDump{X)  and  Ping{X)). 
Whether  the  TcpDump  sensor  observes  packets  from  X,  and  whether  the  Ping  sen¬ 
sor  receives  responses  from  X,  can  reveal  some  information  about  whether  computer 
X  is  on.  In  this  respect,  TcpDump{X)  and  Ping(X)  are  generally  referred  to  as 
information  sources  for  C omputerOn{X) ,  and  mx  and  mp  are  the  beliefs  associ¬ 
ated  with  the  information  sources.  The  belief  associated  with  T cpDump{X)  {mp) 
can  be  combined  with  knowledge  about  the  relation  between  TcpDump{X)  and 
C omputerOn{X)  to  produce  m^,  which  is  the  belief  about  whether  the  computer 
X  is  on,  given  mp-  Likewise,  we  can  produce  m^,  which  is  the  belief  about  whether 
the  computer  X  is  on,  given  mp.  We  refer  to  the  propagated  beliefs  and  m^  as 
opinions  about  C omputerOn{X)  provided  by  the  respective  information  sources. 

•  The  proposition  C omputerOn{X)  has  two  independent  opinions  (m^  and  m^)  about 
its  status.  To  this  end,  the  belief  for  ComputerOn  {me),  is  determined  through  the 
combination  of  those  opinions  {me  =  m^  (8>  where  (8>  denotes  a  conjunctive 
fusion  operator). 


4.1  Concept  representation 

Concepts  in  the  knowledge  base  of  Influxi  may  be  simple  or  complex.  For  instance,  a 
concept  can  be  an  elementary  piece  of  knowledge  such  as 

Computer Active, 

the  knowledge  that  a  computer  is  active.  A  concept  can  also  be  structured  with  embedded 
contextual  information  such  as 

Computer. Software . Ant iVirusInst ailed (fileserver,  Super AV)  , 

the  knowledge  that  a  particular  computer  {fileserver)  has  antivirus  software  installed 
{Super  AV)  where  AntiVir  us  Installed  carries  the  semantics  dehned  within  the  context 
Computer. Software.  Within  Influxi,  this  structured  representation  (or  structured  ID) 
allows  knowledge  and  relationships  to  be  described  with  a  flexible  and  informal  form  of 
ontology  and  enables  certain  techniques  for  efficient  computation  and  memory  use. 

As  the  notion  of  frames  of  discernment  (FoDs)  is  fundamental  for  knowledge  representation 
in  D-S  theory,  all  concepts  must  be  defined  with  respect  to  one  or  more  FoDs.  To  this 
end,  the  building  blocks  for  representing  knowledge  in  Influxi  are  the  so-called  binary 
frames  of  discernment  (BFoDs).  Each  BFoD  is  associated  with  a  concept,  and  contains 
two  elements:  the  concept  and  its  negation  (e.g.,  ©a  =  {A,  A}). 
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ClassifiediX ) 
=  (I  met 
mcidcl])  =  0 
mci((^ci)  =  1 


CoTiiputerOniX ) 
me  wc({C})  = 
mc{{C})  = 
711  c  (Be)  = 


.<;»•!/ iedCotnpiitfrOn{. 

mcAiCc]) 

=  0. 

mc,({D}) 

=  0.44 

mcA^cA 

=  O.oG 

O.-M 
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Figure  6:  An  illustration  of  a  proposition  constructed  from  other  propositions  using  the 
‘and’  connective. 

We  group  concepts  according  to  their  inter-relationships,  which  is  important  for  the  de¬ 
vising  and  determining  of  the  appropriate  mechanisms  to  combine  their  beliefs.  The  first 
group  refers  to  those  concepts  which  are  not  mutually  exclusive.  This  group  can  be  further 
divided  into  two  subgroups: 

•  independent  concepts  whose  beliefs  are  not  correlated  (i.e.,  change  in  the  belief  of 
one  concept  has  no  (or  negligible)  effect  on  the  belief  of  the  others),  and 

•  dependent  concepts  whose  beliefs  are  correlated  (i.e.,  change  in  the  belief  of  one 
concept  has  effect  on  the  belief  of  the  others). 

The  second  group  refers  to  those  concepts  which  are  mutually  exclusive.  The  BFoDs 
associated  with  the  concepts  in  this  case  are  considered  specific  coarsenings  (see  Section 
3)  of  an  implicit  frame  U  which  includes  all  such  concepts  as  part  or  all  of  its  elements. 

With  respect  to  belief  representation  (which  will  be  further  discussed  in  the  next  section), 
each  concept  A  is  associated  with  a  bpa  specifying  the  degree  of  belief  for  {A},  {A}  and 
Manipulation  of  the  concept’s  belief  can  be  mathematically  performed  in  a  manner 
similar  to  that  of  a  logical  proposition  with  infinite  truth  values,  albeit  with  different 
interpretations^^.  More  specifically,  a  concept,  hereby  referred  to  as  a  proposition,  can 
be  transformed  into,  or  inferred  from,  a  related  one;  or  can  be  built  from  more  primitive 
propositions.  For  instance,  ClassifiedComputerOn{X)  can  be  built  from  Classified{X) 
and  C omputerOn{X)  using  the  logical  connective  and  as  shown  in  Figure  6.  The  following 
discussion  is  concerned  with  combining  beliefs  associated  with  different  propositions  to 
construct  a  new  proposition.  Propagation  of  belief  from  one  proposition  to  another  will 
be  treated  in  Section  4.4. 

^^Hereafter,  for  the  sake  of  simplicity  of  notation,  we  at  times  do  not  distinguish  between  elements  and 
singleton  subsets  of  a  set  when  it  is  clear  by  the  context. 

We  are  dealing  with  infinite  degrees  of  belief  about  the  truth  of  a  proposition  rather  than  infinite  truth 
values  of  the  proposition. 
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4.1.1  Proposition  construction 

Proposition  construction  is  essentially  concerned  with  the  combination  of  beliefs  expressed 
on  different  frames  of  discernment.  More  specifically,  a  proposition  (e.g.,  B)  can  be 
built  from  a  set  A  of  n  other  propositions  (e.g.,  Ai,  A2, . . . ,  An).  This  is  achieved  by 
computing  the  belief  of  B  (i.e.,  ms)  as  the  combination  of  the  beliefs  expressed  on  0^- 
(i.e.,  mAi,mA2,  ■  ■  ■  ,'mAn).  In  Influxi,  such  combination  is  performed  according  to  the 
fundamental  criteria  of  necessity  or  sufficiency: 


•  Necessity  refers  to  situations  where  all  elements  in  A  must  be  confirmed  in  order  for 
B  to  be  confirmed.  Broadly  speaking,  the  belief  value  for  B  is  only  high  when  the 
belief  values  for  all  Ai  are  high. 

•  Sufficiency,  in  contrast,  refers  to  situations  where  any  element  in  A  being  confirmed 
will  result  in  B  being  confirmed.  Broadly  speaking,  the  belief  value  for  B  is  high 
when  the  belief  value  for  any  Ai  is  high. 


The  combination  process  will  reflect  the  criteria  relevant  to  the  concepts,  and  the  type  of 
relationship  they  share  (independent,  dependent  or  mutually  exclusive).  To  this  end,  a 
number  of  functions  addressing  proposition  construction  have  been  derived  for  implemen¬ 
tation  in  Influxi.  The  derived  functions  are  depicted  in  Table  7  and  elaborated  below. 


4. 1.1.1  Combination  of  independent  propositions  Given  a  set  of  propositions 
Ai  with  an  independent  relationship,  the  belief  for  a  proposition  B  can  be  computed 
by  combining  the  beliefs  associated  with  Ai  using  the  logical  connectives  and  (i.e.,  B  = 
Ai  A  A2  A  . . .  A  An  if  Ai  are  necessary  criteria  for  B)  or  or  (i.e.,  B  =  Ai  V  A2  V  . . .  V  A„ 
if  Ai  are  sufficient  criteria  for  B).  To  facilitate  reasoning  in  Influxi,  such  connectives, 
among  others,  must  be  redefined  to  take  into  account  the  adopted  D-S  belief  representa¬ 
tion.  Multiple  efforts  to  integrate  logical  reasoning  and  Dempster-Shafer  belief  functions 
have  been  made  (such  as  [9],  [17],  [15]  and  [18]  in  the  context  of  information  fusion,  belief 
maintenance  systems  and  non- monotonic  deductive  reasoning).  However  the  formulation 
of  the  logical  connectives  in  the  mentioned  works  (particularly  [17])  assumes  a  global  frame 
of  discernment  on  which  the  bpas  of  the  constituent  propositions  are  defined,  and  thus 
cannot  be  applied  directly  in  this  context. 


To  this  end,  it  is  necessary  to  derive  the  formulas  for  the  and  and  or  connectives  for  any 
two  propositions  Ai  and  A2.  This  may  be  achieved  by  hrst  computing  the  associated  be¬ 
lief  distribution  on  the  Cartesian  product  0(Ai,A2)  (where  0ai  and  0a2  are  the  frames  of 
discernment  pertaining  to  Ai  and  A2,  respectively).  Such  a  belief  distribution  (see  Table 
8)  allows  belief  associated  with  a  conjunction  between  every  subset  of  0ai  with  that  of 
0A2  to  be  captured.  Applying  Kleene’s  truth  tables  for  and  and  or  for  three-valued  logic 
(see  Figure  7)  to  the  computed  belief  distribution  then  enables  a  derivation  of  the  formulas 
for  the  logical  connectives  (or  operators)  as  given  below. 
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Relationship 

between  Ai,  Operator  type 

A2  and  B 

Relationship 
between  Ai 
and  A2 

Specific 

opera¬ 

tor 

Influxi 

syntax 

Formula 

Sufficiency  B  =  or{Ax,A2) 

independent 

V 

OR 

m{B)  =  m{Ai)  +  771(^2) 
—m{Ai)m{A2) 

m{B)  =  m(Ai)m{A2) 
rri(©^)  =  1  —  m{B)  —  m{B) 

dependent 

\ySub 

MAX 

m{B)  =  max{m{Ai),m{A2)) 
m(B)  =  min{m{Ai) ,  m{A2)) 
m(©s)  =  1  —  m{B)  —  m{B) 

mutually 

exclusive 

\jadd 

ADD 

m{B)  =  m{Ai)  +  m{A2) 

m{B)  =  ^(m(Ai)  +  m(A2) 
-m(Ai)  -  m(A2)) 

1  ~  m(B)  —  m(B) 

Necessity  B  =  and{A-i,A2) 

independent 

A 

AND 

m{B)  =  m(Ai)m{A2) 

m{B)  =  m(Ai)  +  m{A2) 
—m{Ai)m(A2) 
m{SB)  =  1  —  m(B)  —  m(B) 

dependent 

^sub 

MIN 

m{B)  =  min(m{Ai) ,  m{A2)) 
m{B)  =  max{m{Ai),m{A2)) 
m(©s)  =  1  —  m{B)  —  m{B) 

Neither  B  =  mean(Ai ,  A2) 

necessity 

nor 

sufficiency 

independent/ 

dependent 

mean 

MEAN 

m{B)  =  Cm{Ai)  +  m(A2)) 
m{B)  =  ^(m(Ai)  +  m{A2)) 
mi^B)  =  ^  —  m{B)  —  m{B) 

Table  7/  Combination  operators  implemented  in  Influxi  and  their  notations  used  in  this 
document.  In  the  table,  the  proposition  B  is  constructed  from  the  propositions 
Ai  and  A2  according  to  the  the  criteria  of  sufficiency  and  necessity. 


The  and  operator  Let  B  denote  a  proposition  that  reflects  the  conjunctive  truth  of 
the  two  propositions  Ai  and  A2  {B  =  Ai  A  A2),  the  belief  function  associated  with  B  is 
computed  as: 

m{B)  =  m{Ai)m{A2), 

m{B)  =  m{Ai)m{A2)  +  m{Ai)m{A2)  +  m{Ai)m{QA2)  + 'm{A2)m{Ai)  +  m{A2)m{QAi) 
=  m{Ai)  +  m{A2)  -  m{Ai)  m{A2) , 

m{QB)  =  l  —  m{B)  —  m{B).  (18) 

For  instance,  the  proposition  ClassifiedComputerOn{X)  in  Figure  6  is  considered  con¬ 
firmed  only  if  both  Classified{X)  and  ComputerOn{X)  are  confirmed,  and  it  is  not 
confirmed  otherwise.  Given  mci  and  me  as  depicted  in  the  figure  and  using  the  above 
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formula,  one  obtains  the  following  belief  computed  for  ClassifiedComputerOn{X): 


mcSCc) 

mcACc) 

mCci^Cc) 


0  X  0.44  =  0, 

0.44  +  0-0.44  x  0  =  0.44, 
1  -0  -0.44  =  0.56. 


^2 

^2 

©A2 

m{Ai)m{A2) 

m(Ai)m{A2) 

m(Ai)m(0A2) 

+r 

m{Ai)m{A2) 

m.{A-i)m{A2) 

m(Ai)m(0A2) 

m(QAi)m{A2) 

m(0Ai)m(A2) 

m(0Ai)m(0A2) 

Table  8: 


A  belief  distribution  on  Q{Ai,A2)  computed  from  the  belief  functions  associated 
with  and  Qa2  ■ 


and 

T 

F 

U 

T 

T 

F 

u 

F 

F 

F 

F 

U 

U 

F 

U 

or 

T 

F 

U 

T 

T 

T 

T 

F 

T 

F 

LI 

U 

T 

U 

U 

Figure  1:  Three-valued  logic  truth  tables  for  ‘and’  and  ‘or’,  where  U  represents  ‘unknown’. 


The  or  operator  Let  B  denote  a  proposition  that  reflects  the  disjunctive  truth  of  the 
two  propositions  Ai  and  A2  {B  =  Ai  V  A2),  the  belief  function  associated  with  B  is  given 
by: 


m{B) 

=  m{Ai)m{. 

=  m{Ai)-\-'i 

m{B) 

=  m(Ai)  m( 

m{QB) 

=  1  —  ra{B) 

(19) 


For  example,  let  Vulnerable{X)  correspond  to  Unpatched{X)  V  DisabledFirewall{X), 
which  means  the  proposition  Vulnerable{X)  is  considered  confirmed  if  Unpatched{X)  or 
DisabledFirewall{X)  is  confirmed.  Using  the  above  formula,  the  bpa  associated  with  V 
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can  be  computed  as 

mv{V)  =  0.44  +  0-0.44  x  0  =  0.44, 
mv(V)  =  0.44  X  0  =  0, 
mviQv)  =  1  -0.44-  0  =  0.56, 

where  V,  U  and  D  denote  Vulnerable{X),  Unpatched{X)  and  DisabledFirewall{X), 
respectively,  and 

mu{U)  =  0,  mu{U)  =  0,  mu{Qu)  =  1, 

mD{D)  =  0.44,m£)(D)  =  0.44,  m£)(0£))  =  0.12. 

As  presented  above,  the  and  and  or  operators  are  used  when  the  set  A  provides  necessary 
or  sufficient  criteria  for  B,  respectively.  In  a  number  of  situations,  Ai,A2,...,An  are 
criteria  for  B  but  each  is  neither  sufficient  nor  necessary.  That  is,  the  confirmation  of  any 
single  Ai  is  not  sufficient  to  lead  to  the  confirmation  of  B,  but  at  the  same  time,  it  is  not 
necessary  for  all  Ai  to  be  confirmed  in  order  for  B  to  be  confirmed.  To  compute  the  belief 
for  B  in  this  case,  the  mean  operator  is  used  which  does  not  rely  on  the  confirmation  or 
otherwise  of  any  one  criteria,  but  takes  into  account  all  of  the  criteria  and  ‘balances  out’ 
their  respective  beliefs. 


The  mean  operator  Let  B  denote  a  proposition  that  reflects  the  overall  truth  of  the 
two  propositions  Ai  and  A2,  the  belief  function  associated  with  C  is  given  by: 

m(B)  =  ^(m(Ai)  +  m(A2)) 

+  m(A2)), 

^{Qb)  =  l  —  m{B)  —  m{B).  (20) 

For  example,  FastCPU{X)  and  BigHardDrive{X)  are  criteria  for  the  proposition  Use- 
fulComputer{X).  Each  of  the  criteria  on  its  own  may  not  be  sufficient  for  the  computer 
X  to  be  useful,  nor  is  the  absence  of  one  necessary  to  render  the  computer  not  useful. 
Using  the  mean  operator,  the  bpa  associated  with  U sefulComputer{X)  can  be  computed 
as 

mu{U)  =  ^(0.44  +  0)  =  0.22, 

mu{U)  =  ^(0.44  +  0)  =  0.22, 
mu{Qu)  =  1  -  0.22  -  0.22  =  0.56. 

where  U,  F  and  B  denote  UsefulComputer{X),  FastCPU{X)  and  BigHardDrive{X), 
respectively,  and 

mpiF)  =  0,mF{F)  =  O,mi?(0i7’)  =  1, 

msiB)  =  0A4:,mB{B)  =  0.44, 7715(05)  =  0.12. 

When  the  criteria  Ai  have  varying  degree  of  importance  to  the  constructed  proposition, 
this  can  be  captured  by  incorporating  a  relative  importance  weight  to  each  Ai  (see  Section 
4. 3. 1.1)  before  performing  the  mean  operation. 
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4. 1.1. 2  Combination  of  dependent  propositions  Suppose  that  there  exist  ex¬ 
plicit/implicit  relations  among  the  propositions  Ai,  and  thus  their  beliefs  are  correlated. 
For  instance,  the  two  propositions  InternetEnabled{X)  and  EmailActive{X)  can  be  con¬ 
sidered  dependent  since  the  belief  of  one  proposition  can  be  inferred  from  the  other.  In 
this  case,  the  mean  operator  remains  applicable  due  to  its  idempotency  (i.e.,  the  belief 
of  a  proposition  is  unchanged  when  combined  with  itself).  However,  using  the  previously 
derived  and  and  or  functions  (which  treat  the  belief  associated  with  each  Ai  as  an  indepen¬ 
dent  contribution  to  the  combined  belief)  would  incorrectly  amplify  the  belief  computed 
for  B.  To  address  combination  in  such  a  situation,  Influxi  offers  cautious  forms  of  the  and 
and  or  functions  which  assume  a  (positive)  correlation  of  belief  among  the  propositions 
being  combined. 


The  subsumptive  and  operator  Let  the  set  A  represent  necessary  criteria  Ai  for  B, 
where  the  beliefs  associated  with  Ai  are  correlated  (and  thus  may  be  considered  to  provide 
overlapping  or  duplicate  information).  In  this  case,  it  is  plausible  for  the  belief  of  B  to 
be  computed  according  to  the  criteria  that  are  least  confirmed  (those  with  the  minimum 
belief  and/or  the  minimum  plausibility).  Translated  to  D-S  belief  representation,  the  belief 
function  associated  with  B  is  computed  as: 


m{B)  =  min{m(Ai),  m{A2)), 
m(B)  =  1  -  Pl{B) 

=  l-min{Pl{Ai),  PI{A2)) 

=  1  —  min{l  —  m(Ai),  1  —  m{A2)), 

=  max{m{Ai),  m{A2)), 

m{QB)  =  l  —  m{B)  —  m{B).  (21) 


The  derived  function  mathematically  resembles  the  weak  conjunction  of  Lukasiewicz’s 
many- valued  logic  [33].  We  refer  to  this  function  as  a  subsumptive  and  (or  and^^^ ,  or 

^sub'^ 


The  subsumptive  or  operator  Let  the  set  A  represent  the  sufficient  criteria  Ai  for  B, 
where  the  beliefs  associated  with  Ai  are  correlated  (and  thus  may  be  considered  to  provide 
overlapping  or  duplicate  information).  In  this  case,  it  is  plausible  for  the  belief  of  B  to 
be  computed  according  to  the  criteria  that  are  most  confirmed  (those  with  the  maximum 
belief  and/or  the  maximum  plausibility).  Translated  to  D-S  belief  representation,  the 
belief  function  associated  with  B  is  computed  as: 


m(B)  =  max{m{Ai),  771(^2)), 
m(B)  =  1  -  Pl{B) 

=  1  —  max{Pl{Ai),  PI{A2)) 

=  1  —  max{l  —  m(Ai),  1  —  777(^2)), 

=  min{m{Ai),  777(^2)), 

"7(0b)  =  1  —  777(H)  —  777(H).  (22) 
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The  derived  function  mathematically  corresponds  to  the  weak  disjunction  of  Lukasiewicz’s 
many- valued  logic  [33].  We  refer  to  this  function  as  a  subsumptive  or  (or  or®“^,  or 


4. 1.1. 3  Combination  of  mutually  exclusive  propositions  Suppose  the  proposi¬ 
tions  Ai  are  mutually  exclusive  (e.g.,  Restricted{X) ,  Secret{X)  and  TopSecret{X)),  Ai 
are  considered  to  correspond  to  elements  in  a  common  implicit  frame  D,  and  the  BFoD 
associated  with  each  Ai  is  a  coarsening  of  D  focusing  on  Ai.  As  such,  the  beliefs  associ¬ 
ated  with  Ai  can  now  be  expressed  on  the  same  space  of  discernment  2^,  thereby  enabling 
direct  manipulation  of  the  beliefs  by  means  of  set-theoretical  operations  on  the  discern¬ 
ment  space.  Assuming  the  mutually  exclusive  relationship  between  Ai  is  appropriately 
captured  (thus,  it  is  always  that  X^j(?^(Aj))  <  1  and  m{Ai)  >  ^'(Aj)),  proposition 

combination  can  be  performed  as  given  below. 


The  additive  or  operator  Let  the  set  A  represent  sufficient  criteria  Ai  for  B,  where 
Ai  are  mutually  exclusive.  In  this  particular  case,  the  proposition  B  =  AiV  A2V  . .  .V  An 
corresponds  to  the  disjunctive  set  {Ai,  A2,  ■  ■  ■ ,  An}  defined  on  D,  and  its  belief  can  be 
approximately  computed  as  follows: 


m{B) 

=  m{Ai)  +  m{A2), 

m{B) 

m{Ai)  -|-  771(^2)  —  m(Ai)  —  771(^2) 

~  2 

m{QB) 

=  1  —  m{B)  —  m{B) . 

(23) 

The  above  formula  performs  exact  computation  when  m{Ai)  =  '^j^i'na{Aj). 

A  conjunction  of  mutually  exclusive  propositions  would  lead  to  a  contradiction  in  clas¬ 
sical  logics,  or  an  empty  set  in  set  theory.  As  such,  constructing  B  when  Ai  serve  as 
necessary  criteria,  or  neither  necessary  or  sufficient  criteria,  for  B  is  often  not  of  practical 
use.  Therefore,  the  implementation  of  Influxi  does  not  include  functions  to  perform  such 
operations. 

The  formulas  for  the  different  versions  of  and  and  or  presented  above  are  both  associative 
and  commutative,  and  thus  can  be  efficiently  applied  in  a  pairwise  fashion  to  an  arbitrary 
number  of  propositions.  When  the  beliefs  associated  with  A  and  B  are  certain  and  A  and 
B  are  independent,  the  formulas  simplify  to  the  classical  and  and  or  connectives.  Unlike 
the  and-  and  or-typed  operators,  the  mean  operator  is  only  quasi-associative  —  in  Influxi 
this  is  resolved  by  ensuring  the  operation  is  performed  in  an  associative  manner,  and  thus 
can  be  utilised  in  the  same  way  as  other  operators. 


4.1.2  General  discussion 

As  emphasised  at  the  beginning  of  the  document,  Influxi  does  not  aim  to  faithfully  im¬ 
plement  D-S  theory,  but  to  capitalise  on  the  ideas  and  techniques  offered  by  the  theory 
to  represent  belief  and  reason  under  uncertainty.  To  this  end,  the  rationale  for  utilising 
BFoDs  in  Influxi  is  multifold,  including: 
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•  this  restricted  form  of  FoD  makes  possible  the  derivation  of  simplified  versions  of 
various  combination  operators  and  propagation  functions  (see  Sections  4.3  and  4.4), 
thus  dramatically  reducing  the  computational  complexity  of  the  reasoning  process; 

•  this  concept  representation  also  directly  facilitates  logical  reasoning,  and  significantly 
promotes  other  practically  desirable  properties  (such  as  uniformity,  scalability,  dis- 
tributivity  and  supporting  changes  in  the  knowledge  structure). 

Despite  the  mentioned  advantages,  one  implication  of  the  use  of  BFoDs  is  that  the  full 
expressiveness  and  reasoning  power  offered  by  D-S  theory  is  partially  compromised.  Nev¬ 
ertheless,  the  theoretically  appealing  expressiveness  offered  by  the  D-S  formalism  is  also 
the  very  reason  for  the  impracticability  of  many  applications  based  on  D-S  theory  in  the 
real  world  —  recall  that  the  computational  complexity  of  the  D-S  rule  is  exponential  to 
the  size  of  the  frame  of  discernment.  It  is  thus  a  common  practice  to  impose  certain  re¬ 
strictions  on  the  expressiveness  of  the  formalism  so  as  to  achieve  the  practical  objectives 
of  a  reasoning  system.  To  this  end,  it  is  necessary  to  speculate  on  the  degree  to  which 
the  expressiveness  of  the  D-S  caculus  can  be  preserved  with  the  use  of  BFoDs  as  primitive 
building  blocks  for  knowledge  representation  in  Influxi. 

In  Influxi,  a  frame  D  with  an  arbitrary  size  can  be  represented  by  means  of  one  or  more 
BFoDs.  Such  BFoDs  correspond  to  various  coarsenings  of  D  each  focusing  on  a  proposition 
of  interest.  In  such  cases,  while  incompleteness  pertaining  to  the  belief  associated  with 
each  proposition  (i.e.,  the  ignorance  value)  remains  intact,  a  direct  expression  of  incom¬ 
plete  knowledge  over  a  set  of  mutually  exclusive  propositions  is  no  longer  possible  (as  a 
bpa  cannot  assign  a  single  belief  mass  to  a  set  of  propositions  across  different  frames). 
Also,  implicit  mutual-exclusion  or  set-inclusion  relationships  between  such  propositions  is 
no  longer  implicitly  handled  by  the  D-S  rule.  If  and  as  required,  what  is  no  longer  directly 
represented  or  implicitly  captured  (with  the  use  of  a  complex  frame  of  discernment)  may 
instead  be  represented  by  multiple  propositions  (each  associated  with  a  BFoD  as  a  coars¬ 
ening  of  D)  with  explicit  relationships.  This  effectively  allows  one  to  model  the  useful 
portions  of  the  discernment  space  (2^)  relevant  to  the  problem  at  hand. 

For  the  purpose  of  illustration,  given  the  three  propositions  Ubuntu{X),  RedHat{X), 
and  Linux  {X),  the  BFoDs  associated  with  the  propositions  can  be  considered  coarsenings 
of  an  implicit  frame  OS  =  {Ubuntu,  RedHat,WindowsO(lP,Windo'ws.NT}  (assuming 
that  OS  is  exhaustive).  Here,  Ubuntu,  RedHat  and  Linux  correspond  to  {Ubuntu}, 
{RedHat}  and  {Ubuntu,  RedHat},  respectively,  and  Ubuntu,  RedHat  and  Linux  corre¬ 
spond  to  {RedH  at,  Windows-XP,  Windows -NT},  {Ubuntu,  Window  s -X  P,  Window  S-- 
NT}  and  {Windows-XP,  Windows  .NT},  respectively.  The  frame  OS  effectively  allows 
the  relationship  between  the  propositions  (i.e.,  the  mutual  exclusion  and  set-inclusion)  to 
be  discerned  and  implicitly  captured  within  the  frame.  However  without  expressing  the 
propositions  on  the  common  frame  OS,  such  relationships  need  to  be  explicitly  specified. 
For  instance,  the  set-inclusion  relationship  between  Ubuntu{X)  and  Linux{X): 


Ubuntu{X)  Linux{X) 


(i.e.,  Ubuntu{X)  A  Linux{X),  Ubuntu{X)  Linux{X)),  may  be  expressed  within 
Influxi  using  the  include  operator  (iNC)  as 
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Linux  (X)  =  INC(Ubuntu(X)).^'^ 

The  function  specified  above  can  be  interpreted  as  ‘if  X  is  Ubuntu,  it  is  certainly  Linux; 
otherwise  it  is  unknown  if  X  is  Linux'.  Likewise,  given  the  belief  of  Ubuntu{X)  is  known, 
the  belief  for  RedHat{X)  can  be  explicitly  inferred  as 

Ubuntu{X)  RedHat{X) 

(i.e.,  Lfbuntu{X)  A  RedHat{X),  Ubuntu{X)  A  RedHat{X)),  and  computed  using  the 
following  Influxi  syntax: 

RedHat(X)  =  NOT'^INC(Ubuntu(X)).  (24) 

In  the  same  vein,  if  RedHat{X)  is  known,  the  belief  for  Ubuntu{X)  can  be  explicitly 
represented  and  computed  in  Influxi: 

Ubuntu(X)  =  NOT^INC(RedHat(X)).  (25) 

The  two  functions  above  indicate  that  if  X  is  RedHat,  it  is  certainly  not  Ubuntu  (oth¬ 
erwise,  it  is  unknown  if  X  is  Ubuntu),  and  if  X  is  Ubuntu,  it  is  certainly  not  RedHat 
(otherwise,  it  is  unknown  if  X  is  RedHat). 

It  is  important  to  note  that  when  Ubuntu{X)  and  RedHat{X)  both  receive  evidence  and 
transfer  belief  to  each  other  (thus,  necessitating  that  both  functions  (24)  and  (25)  be 
invoked),  one  faces  the  problem  of  circular  inferencing  (as  depicted  in  Figure  8a).  Since 
Influxi  does  not  yet  handle  bidirectional  reasoning,  circular  inferencing  can  be  problematic. 
To  this  end,  circular  inferencing  can  be  avoided  at  the  network  level  by  means  of  ‘divorcing’ 
elements  of  a  set  of  mutually  exclusive  propositions  A  =  {Ai,  A2, . . . ,  A„}.  This  can  be 
done  via  the  use  of  a  dummy  proposition  A(  for  each  Ai  which  collects  and  combines  all 
the  beliefs  induced  on  Ai  (excluding  those  induced  from  Aj,  j  7^  i)  before  transferring 
the  combined  belief  to  Ai  and,  at  the  same  time,  acting  as  evidence  to  disconfirm  Aj 
{Aj  G  A,j  7^  i).  As  shown  in  Figure  8b,  provided  that  the  sources  (e  and  e')  that 
give  evidence  for  isRedHat{X)  and  isUbuntu{X)  are  independent,  the  multiple  beliefs 
associated  with  RedHat{X)  and  Ubuntu{X)  can  be  computed  using  a  fusion  operator 
(such  as  the  D-S  rule): 

RedHat(X)  =  DS (isRedHat (X) ,  NDT^INC(isUbuiitu(X) ) ) 

Ubuntu(X)  =  DS(isUbuntu(X) ,  NOT^INC(isRedHat(X))), 

If  the  beliefs  propagated  to  isRedHat{X)  and  isUbuntu{X)  originate  from  overlapping 
sources,  the  method  that  combines  the  beliefs  should  appropriately  reflect  such  depen¬ 
dency.  Details  relevant  to  the  above  combination  and  propagation  functions  are  discussed 
in  Sections  4.3  and  4.4  of  the  document. 

As  shown  above,  the  discernment  space  2^  can  be  potentially  represented  by  means  of 
BFoDs  and  explicit  relationships  between  them.  Yet,  the  presented  approach  has  the 
following  major  implications: 

the  rule  is  intended  to  be  applied  to  any  computer  X,  the  syntax  should  read:  Linux($X)  = 
INC(Ubmitu($X)). 
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Figure  8:  The  circular  inferencing  between  Ubuntu{X)  and  RedHat{X)  in  (a)  can  he 
resolved  by  decoupling  the  two  propositions  via  the  use  of  the  dummy  propositions 
isUbuntu{X)  and  isRedHat{X)  as  shown  in  (b). 


•  An  explicit  representation  of  a  portion  of  the  discernment  space  by  means  of  coars¬ 
ened  frames  and  the  relationships  between  them  (instead  of  having  them  implicitly 
embedded  in  D  in  the  standard  approach)  generally  results  in  a  less  compact  network, 
as  a  trade-off  for  attaining  the  aforementioned  practical  goals  of  the  reasoner.  If  U 
contains  many  elements,  and  the  portion  of  interest,  S,  of  the  discernment  space  is 
large  and  complex,  an  explicit  representation  of  the  space  of  interest  can  be  cumber¬ 
some.  Fortunately,  in  many  practical  cases,  S  is  relatively  small  and  hierarchically 
structured  as  illustrated  in  Figure  4  and  discussed  in  Section  3.2.3.  Indeed  in  such 
situations,  the  use  of  a  small  number  of  binary  frames  (as  coarsened  frames  of  D), 
instead  of  a  large  frame  of  discernment,  can  provide  a  more  intuitive  and  transparent 
way  to  capture  the  expert’s  knowledge,  as  well  as  eliminate  the  need  to  specify  the 
complex  relationship  between  any  two  frames  with  an  arbitrary  size. 

•  The  transfer  of  belief  between  subsets  in  D  as  carried  out  by  the  D-S  rule  does 
not  assume  any  direction.  As  Influxi  does  not  yet  handle  bidirectional  reasoning, 
inferencing  between  the  propositions  in  S  is  carried  out  according  to  the  direction 
explicitly  specified,  in  a  uniform  manner  with  the  rest  of  the  rule  network. 

Both  of  the  issues  presented  above  are  part  of  the  agenda  to  be  addressed  in  the  design 
and  implementation  of  Influx2. 


4.2  Belief  representation 

In  Section  3,  we  presented  three  basic  belief  functions  to  capture  imperfect  knowledge 
expressed  on  a  frame  of  discernment;  basic  probability  assignment  (bpa  or  m),  belief 
function  (Bel)  and  plausibility  function  (PI).  These  three  functions  have  direct  corre¬ 
spondence  and  can  be  converted  between  each  other  through  linear  transformation  (i.e, 
Mobius  transform).  For  this  reason,  when  the  distinction  between  them  does  not  matter, 
we  will,  hereafter,  simply  refer  to  them  as  belief  functions. 

Due  to  their  mathematical  equivalence,  any  of  these  functions  can,  in  principle,  be  used 
to  encode  the  knowledge  base,  and  which  function  to  use  depends  on  preference  and 
convenience.  For  instance,  the  function  m  can  be  recovered  from  Bel  as 

m{A)  =  (-l)A\^l  Bel{B)  (26) 

BCA 

where  |  .  |  denotes  the  cardinality. 

Since  a  BFoD  is  used  for  concept  representation  in  Influxi ,  it  is  straight-forward  to  use  the 
bpa  m  for  storing  and  computing  knowledge.  However,  Influxi  supports  these  three  belief 
functions,  and  the  user  may  choose  on  each  occasion  which  to  use.  Since  a  bpa  m  expresses 
belief  on  a  frame  of  discernment  at  a  primitive  level,  and  thus  enables  direct  manipulation 
of  the  belief  mass  assigned  to  individual  propositions,  it  is  a  natural  choice  for  describing 
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input  knowledge,  and  the  current  state  of  knowledge.  Whereas  for  knowledge  outcomes, 
the  natural  choice  is  the  degree  of  belief  and  plausibility  of  propositions  as  supported  by 
evidence. 

As  BFoDs  (e.g.,  Qa  =  {A,  A})  are  the  building  blocks  for  representing  knowledge  in 
Influxi,  a  bpa  m  associated  with  each  concept  is,  in  this  particular  case,  defined  by  the 
three  numbers  m({A}),  m({A}),  and  m(0)  (or  m({A,  A})).  Then  the  degree  of  belief  of 
A  is  simply  given  by: 

Bel{{A})  =  m({A}) 

while  the  plausibility  of  A  is  computed  as: 

Pl{{A})  =  m{{A})  +  m(0^)  =  1  -  Bel{{A}) 
and  the  quantity  m(0A)  corresponds  to  the  amount  of  ignorance. 

The  use  of  BFoDs  and  their  associated  bpas  in  Influxi  provides  the  reasoning  system  a 
simple  and  uniform  belief  representation  (i.e.,  the  belief  associated  with  every  concept  is 
represented  in  the  form  (m({A}),  m({A}),  and  m(0^)),  contributing  significantly  to  the 
efficiency  of  system  development  and  deployment. 


4.2.1  Belief  and  plausibility  functions 

In  general,  a  belief  function  is  useful  in  indicating  the  degree  to  which  a  proposition  is 
believed  to  be  true  (due  to  the  available  evidence  confirming/disconfirming  it,  and  the 
defined  relationships  between  the  propositions),  while  the  plausibility  function  suggests 
the  extent  to  which  a  proposition  could  possibly  be  true  (due  to  the  same  evidence  and 
relationships).  Commonly  accepted  interpretations  for  the  associated  interval  \Bel,  PI] 
are  as  follows: 

•  no  knowledge  at  all  about  A. 

•  0]  •  A  is  false. 

•  Ayi^  p:  A  is  true. 

•  A[o.25,  ij:  evidence  provides  partial  support  for  A. 

•  A[o^o.85]-  evidence  provides  partial  support  for  A. 

•  A[o.25,  0.85]'  Aie  evidence  simultaneously  provides  support  for  both  A  and  A. 

4.2.2  Pignistic  and  ternary  logic  functions 

Besides  the  belief  and  plausibility  functions  which  are  the  two  standard  criteria  for  decision 
making,  Influxi  also  provides  two  additional  belief  representations  using  the  pignistic 
function  BetP  and  the  ternary  logic  function  T.  The  pignistic  function  endows  users  with 
the  flexibility  to  adopt  a  probabilistic  interpretation  of  knowledge  (which  is  necessary 
when  decision  making  is  to  be  carried  out  based  on  how  probable  a  hypothesis  is),  as  well 
as  the  capability  to  switch  to  probabilistic  reasoning  at  any  point  throughout  the  reasoning 
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process.  Likewise,  the  ternary  logic  function  allows  reasoning  in  Influxi  to  simplify  into 
reasoning  with  three- valued  logic  {true,  false,  or  unknown)  when  necessary. 


Pignistic  function  In  the  framework  of  transferable  belief  models  (TBMs),  Smets  [51] 
distinguished  two  different  ways  to  quantify  beliefs  according  to  the  mental  level  in  which 
they  are  used:  at  the  credal  level  (where  beliefs  are  entertained),  it  is  essential  that  beliefs 
are  represented  as  belief  functions;  and  at  the  pignistic  level  (where  beliefs  are  used  to 
make  decisions),  it  is  necessary  that  beliefs  are  represented  as  probability  functions.  To 
this  end,  the  BetP  function  allows  one  to  transform  a  belief  measure  into  a  probability 
measure  as  defined  below: 

^  m{6) 

Oieece  '  ' 

=  '^BetP{Bi),9  Pe.  (27) 

di&B 

In  the  case  of  Influxi  with  BFoDs,  this  simplihes  to  the  equal  distribution  of  m{Qyi)  to 
m{{A})  and  m{{A}). 

Example  7  Given  the  bpa  mc^  which  expresses  the  belief  associated  with  the 
proposition  ClassifiedComputerOn{X)  (denoted  as  Cc)  in  Figure  9: 

mcMCc})  =  0, 

"iCc({Cc})  =  0.44, 

=  0.56, 

this  belief  can  be  represented  with  Bel,  PI  and  BetP  as: 

Cc  [Bel,  Pl\  =  Cc  [0,  0.56] ) 

and 

BetP{Cc)  =  0.28, 

BetP(C~c)  =  0.72. 

According  to  the  BetP  function,  the  probability  for  the  fact  that  ‘a  computer 
X  is  on  and  classified’  is  28%.  However,  the  Bel  and  PI  functions  provides 
more  insight  into  this  result:  (i)  this  fact  is  currently  not  conhrmed  by  the 
available  evidence  (?7iCc({Cc})  =  BelcSi^c})  =  0)  while  there  is  evidence 
that  partially  disconhrms  this  fact  (w-Cc({Cc})  =  BelcSi^c})  =  0.44);  and 
(ii)  in  general  this  result  is  not  strongly  supported  (indicated  by  a  reasonably 
large  amount  of  belief  mass  assigned  to  ignorance:  rncS^Cc)  =  0.56)  due  to 
either  a  lack  of  evidence  or  a  weak  relation  defined  between  the  proposition 
and  those  from  which  it  infers  belief. 

By  supporting  multiple  modalities  for  belief  representation,  Influxi  provides  a  rich  and 
informative  interpretation  of  a  piece  of  knowledge.  For  instance.  Figure  10  depicts  two 
very  different  situations  which  give  rise  to  the  same  answer  in  terms  of  probabilistic  in¬ 
terpretation.  In  Figure  10a,  the  two  sensors  are  not  activated,  and  thus  are  completely 
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mcJScJ 


0, 

0.44.  (^c[Bel.ri] 
0.56 


Q  [0.  0.56] 


DetP(Cc) 

DetPiC'r) 


0.28 

0.72 


Figure  9:  An  illustration  of  different  ways  to  represent  belief  for 

ClassifiedComputerOn{X)  in  Example  7.  The  bpa  mc^  is  gener¬ 

ally  suitable  for  capturing  the  input  and  current  state  of  knowledge,  while 
the  other  two  representations  (middle  and  right)  are  useful  to  summarise  the 
outcome  (specifically,  as  degrees  of  belief  and  plausibility  using  the  Bel  and  PI 
functions,  or  as  probabilities  using  the  BetP  function). 


ignorant  about  whether  there  is  any  traffic  or  ping  response  from  computer  X  (revealed 
in  the  vacuous  bpas  mp  and  mp),  whereas  in  Figure  10b,  TcpDump  certainly  observes 
traffic  from  X  but  Ping  has  not  received  any  response  from  the  computer  (revealed  in 
their  total  confirmation  and  disconfirmation  bpas).  In  both  cases,  the  computer  X  has 
an  equal  probability  to  be  on  or  off  (as  indicated  by  the  BetP  functions).  However,  the 
information  provided  by  the  Bel  and  PI  functions  faithfully  reflects  the  reality:  (i)  though 
it  is  totally  plausible,  there  is  absolutely  no  evidence  informing  the  status  of  X  in  the 
former  scenario  (i.e.,  C[o^  i]  and  C[o^  ij),  and  (ii)  there  is  an  equal  amount  of  evidence  that 
supports  both  possible  states  of  the  computer  X  (i.e.,  Cjo.44,  o.56]  C[o,44^  o.56])  ™ 

latter  scenario. 


Ternary  logic  function  Instead  of  simplifying  reasoning  with  belief  functions  into 
probabilistic  reasoning  via  the  use  of  the  pignistic  function,  the  ternary  logic  function 
T  effectively  reduces  reasoning  with  belief  functions  to  three-valued  logical  reasoning  in 
a  seamless  manner  when  the  belief  supporting  a  proposition  reaches  a  sufficient  degree  of 
certainty  defined  by  5.  The  function  T  for  a  BFOD  0  is  defined  as: 

VA  c  0,T(A)  = 

r(0)  =  1  -  T{A) 

Ace 


1  if  m{A)  >  6,  where  6  G  [0.5, 1] 
0  otherwise 


(28) 
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Figure  10:  An  illustration  of  disparate  situations  where  the  output  knowledge  provides  the 
same  probabilistic  answers.  In  (a),  there  is  absolutely  no  evidence  informing 
the  status  of  the  computer  A  while  in  (b)  there  is  an  equal  amount  of  evidence 
that  supports  both  possible  states  of  X.  However  in  both  cases,  the  computer 
X  has  an  equal  probability  to  be  on  or  off.  The  propagation  functions  Y  and  AS 
will  be  discussed  in  Section  f.f. 


which  allows  each  proposition  A  to  be  interpreted  as  being  either  true  (i.e.,  i])  ,  false 

(i.e.,  A[o,o])  or  ‘unknown’  (i.e.,  Ajg^i]). 


4.3  Belief  combination 

In  Section  4.1,  we  discussed  how  to  combine  a  set  of  beliefs  pertaining  to  different  proposi¬ 
tions,  mci,  mc2,  •  ■  • ,  PPCn,  to  form  a  new  belief  for  the  constructed  proposition,  mp.  For 
instance,  in  Figure  6,  the  and  operator  combines  the  beliefs  associated  with  ComputerOn- 
{X)  and  Classified{X)  in  order  to  produce  the  belief  for  the  compound  proposition 
ClassifiedComputerOn{X).  This  section  addresses  combination  of  beliefs  pertaining  to 
the  same  proposition  —  the  situation  that  arises  when  there  is  more  than  one  belief, 
mpi,mp2, . . .  ,mpn,  induced  on  P  from  multiple  sources.  For  example,  ComputerOn{X) 
is  at  one  time  associated  with  both  and  propagated  from  TcpDump{X)  and 
Ping{X)  (see  Figure  11). 

In  Influxi,  belief  combination  receives  two  major  treatments:  (i)  combination  by  means 
of  a  fusion  operator  (if  mpi,mp2,  ■  ■  ■  ,mpn  are  induced  by  a  set  of  information  sources 
E  =  {El,  E2, . .  ■ ,  En}  serving  as  evidence  for  P),  and  (ii)  combination  on  the  basis  of 
sufficiency  and  necessity  criteria  {A  mpi,mp2,  ■  ■  ■  ,mpn  are  induced  by  set  of  information 
sources  C  =  {Ci,C2,  ■  ■  ■  ,Cn}  serving  as  conditions  for  P). 

The  former  type  of  belief  combination  is  extensively  studied  in  the  literature  of  information 
fusion  and  evidential  reasoning.  In  these  paradigms,  Ei  serves  as  evidence  for  P  —  the 
evidence  Ei  may  reveal  the  truth  or  otherwise  of  P.  With  respect  to  causal  knowledge,  Ei 
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corresponds  to  an  outcome,  effect  or  manifestation  of  P.  For  instance,  ‘  TcpDump  observes 
packets  from  A’  (T)  is  an  outcome  (thus,  evidence)  of  ‘the  computer  X  is  on’  (C)  which 
may  in  turn  be  an  outcome/evidence  for  ‘the  computer  X  is  plugged  in’  (Pg).  As  such, 
by  observing  T  or  C,  one  can  infer  C  or  Pg,  respectively.  When  there  are  multiple  pieces 
of  evidence  bearing  on  a  proposition  (as  shown  in  Figure  11c),  the  overall  belief  for  the 
proposition  is  obtained  through  an  aggregation  of  the  beliefs  induced  by  the  evidence  using 
a  fusion  operator.  A  fusion  operator  generally  does  not  assume  any  form  of  interaction 
between  the  opinions.  It  aims  to  find  the  consensus  among  the  opinions  in  order  to  obtain 
a  better  estimate  about  the  situation. 

The  latter  type  of  belief  combination  handles  the  situations  where  Ci  serves  as  a  condition 
for  P  —  the  condition  Ci  allows  the  prediction  of  P.  With  respect  to  causal  knowledge, 
Ci  corresponds  to  a  cause  of  P.  For  instance,  ‘the  computer  X  is  plugged  in’  (Pg)  may 
cause  ‘the  computer  X  is  on'  {C)  which  in  turn  may  cause  ^TcpDump  observes  packets 
from  X'{T).  As  such,  given  Pg  or  C,  one  may  predict  C  or  T,  respectively.  When  there 
are  multiple  conditions  associated  with  P,  their  opinions  about  the  proposition  need  to  be 
combined  according  to  the  notion  of  sufficiency  and  necessity  to  predict  P. 

When  the  multiple  beliefs  associated  with  a  proposition  P  are  induced  by  both  C  and  E, 
the  combined  belief  for  C  and  the  combined  belief  for  E  should  be  separately  computed 
before  being  aggregated  using  a  fusion  operator.  The  two  types  of  belief  combination  are 
discussed  in  more  detail  below. 


4.3.1  Belief  combination  pertaining  to  evidence 

Influxi  is  expected  to  deal  with  uncertain,  incomplete  and  conflicting  information.  Such 
imperfect  information  can  be  due  to  the  information  itself,  to  the  reliability  of  its  sources, 
or  to  errors  in  measurement,  transmission,  communication  or  interpretation  of  the  infor¬ 
mation.  When  precision  and  reliability  are  critical  (such  as  in  situational  awareness  and 
mission  control  systems),  information  is  often  collected  and  fused  from  multiple  sources 
in  order  to  enhance  the  accuracy  of  the  information,  and  subsequently  the  quality  of 
reasoning  and  decision  making  processes. 

This  type  of  belief  combination  is  extensively  studied  in  the  literature  of  information 
fusion  and  evidential  reasoning.  Mathematically  in  the  D-S  framework,  belief  combination 
involves  aggregating  beliefs  induced  by  multiple  information  sources  bearing  on  the  same 
frame  of  discernment  (i.e.,  and  in  Figure  11).  Here,  each  information  source  Ei 
(or  more  precisely,  the  belief  of  Ei)  serves  as  evidence  for  P,  and  the  beliefs  induced  by  a 
collection  of  evidence  E  on  P  are  combined  with  a  fusion  operator. 

In  the  particular  example  in  Figure  11,  TcpDump{X)  (T)  and  Ping{X)  (P)  serve  as 
information  sources  for  ComputerOn{X)  {C),  and  their  respective  beliefs  mx  and  mp 
(e.g.,  ^TcpDump{X)  believes  strongly  to  have  observed  packets  from  A’  or  ^Ping{X) 
certainly  has  received  responses  from  A’)  serve  as  evidence  to  infer  the  status  of  C.  Each 
individual  opinion,  and  m^,  corresponds  to  distinct  beliefs  bearing  on  C,  and  can 
be  viewed  as  opinions  of  TcpDump{X)  and  Ping{X)  about  ComputerOn{X)  given  mp 
and  mp.  Belief  combination  using  a  fusion  operator  is  usually  called  for  in  the  following 
scenarios. 
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Figure  11:  The  belief  associated  with  ComputerOn{X)  is  likely  to  be  more  reliable  through 
a  combination  of  opinions  ( expressed  in  the  form  of  belief  functions  and 
m^)  provided  by  the  two  sensors  TepDump  and  Ping. 


•  When  dealing  with  imperfect  knowledge /information,  one  often  does  not  rely  on  one 
source  of  information.  Rather  one  attempts  to  increase  the  reliability  of  the  infor¬ 
mation  by  collecting  relevant  evidence  from  multiple  sources  and  combining  their 
respective  beliefs  about  the  information  in  question.  Considering  the  two  opinions 

and  provided  by  the  two  sensors  TepDump  and  Ping  given  in  Figure  11a 
and  Figure  11b,  one  would  obtain  a  more  ‘informed  opinion’  about  C omputerOn{X) 
through  an  aggregation  of  the  opinions  provided  by  both  the  sensors  (see  Figure  11c). 
As  depicted  in  the  figure,  strongly  supports  ComputerOn{X)  while  strongly 
supports  its  negation  C omputerOn[X) .  By  fusing  these  two  belief  functions  using 
the  D-S  rule,  the  obtained  reflects  the  reality  that  both  the  proposition  and 

its  negation  are  equally  supported  by  the  collected  evidence.  When  an  informa¬ 
tion  source  is  totally  ignorant  about  the  situation,  its  belief  (which  is  expressed  in 
the  form  of  a  vacuous  bpa)  has  no  impact  on  the  aggregated  belief  because  such  a 
vacuous  bpa  (m'^)  serves  as  a  neutral  element,  i.e.,  ®m  =  m. 

•  It  is  possible  that  different  reasoning  paths  in  a  rule  network  lead  to  different  conclu¬ 
sions  regarding  the  same  proposition  (e.g.,  executing  the  two  rules  A  A  B  ^  D  and 
C  ^  D  can  result  in  different  states  of  belief  about  D).  While  different  conclusions 
derived  for  a  proposition  would  be  treated  as  contradictions  and  thus  rejected  in 
monotonic  reasoning,  this  is  a  typical,  expected  and  desirable  situation  in  Influxi 
and  the  conclusions  in  such  a  case  are  simply  aggregated  through  a  combination  of 
their  respective  belief  functions  using  a  fusion  operator. 


4. 3. 1.1  Fusion  operators  A  fusion  operator  is  generally  used  when  a  more  ‘informed’ 
view  or  a  more  objective  opinion  about  a  situation  is  required  through  an  aggregation  of 
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the  beliefs  pertaining  to  the  different  views  (or  opinions)  about  the  situation.  In  general, 
belief  fusion  promotes  belief  confirmation/disconfirmation  about  a  proposition  A  when 
the  different  information  sources  (or  evidence)  agree  with  each  other  in  their  view  about 
A.  More  particularly,  (i)  when  the  information  sources  tend  to  agree  with  each  other  in 
confirming  A,  belief  of  A  will  be  promoted,  that  is  a  number  of  weak  confirming  beliefs 
might  produce  a  strong  confirming  belief;  and  (ii)  when  the  information  sources  tend  to 
agree  with  each  other  in  disconfirming  A,  belief  of  A  will  be  promoted,  that  is  a  number 
of  weak  disconfirming  beliefs  might  produce  a  strong  disconfirming  belief.  Conversely, 
when  the  information  sources  are  in  disagreement,  belief  fusion  appropriately  ‘balances- 
out’  their  opinions  (e.g.,  the  D-S  rule)  or  promotes  ignorance  (e.g.,  the  D-P  rule)  when 
computing  belief  associated  with  the  aggregated  opinion. 

Having  presented  such  general  characteristics  of  belief  fusion,  which  method  to  use  to  per¬ 
form  such  aggregation  would  depend  on  a  number  of  factors,  one  being  the  potential  depen¬ 
dency  among  the  opinions  (or  views)  being  combined.  For  instance,  let’s  assume  that  both 
a  person  A  and  a  person  B  give  their  opinions  that  the  computer  X  is  on,  and  let’s  imagine 
the  two  following  scenarios:  (i)  B  has  actually  learnt  about  this  event  directly/indirectly 
from  A,  and  (b)  B  himself/herself  has  witnessed  the  event.  It  is  obvious  that  a  fusion  op¬ 
erator  should  not  treat  the  two  opinions  as  having  an  equal  and  independent  contribution 
and  thus  strengthen  the  confirmation/disconfirmation  of  C omputerOn{X)  in  the  former 
case,  while  it  should  in  the  latter  case.  This  factor,  amongst  others,  explains  the  existence 
of  a  collection  of  different  combination  rules  investigated  in  the  literature  which  offer  al¬ 
ternative  methods  to  aggregate  opinions  according  to  specific  situations  when  relevant 
knowledge  about  the  opinions  is  available. 

A  collection  of  implemented  fusion  operators  As  no  single  fusion  operator  investi¬ 
gated  in  the  literature  is  suitable  for  all  situations,  and  as  Influxi  is  intended  to  support  a 
wide  range  of  applications,  it  is  necessary  for  practitioners  to  have  at  their  disposal  a  set  of 
operators  covering  different  fusion/reasoning  scenarios.  To  this  end,  we  have  implemented 
the  collection  of  combination  rules  summarised  in  Tables  5  and  6,  the  representatives  of 
which  are  presented  in  Table  9. 

Due  to  the  adoption  of  BFoDs  as  a  building  block  for  concept  and  belief  representation 
in  Influxi,  we  also  include  the  implementation  of  a  so-called  summation  rule  which  is 
applicable  when  the  information  sources  Ei  correspond  to  mutually  exclusive  propositions. 
The  summation  rule,  when  applied  to  combine  the  two  bpas  mi  and  m2  associated  with  a 
proposition  P,  simply  sums  over  all  the  confirmation  (mi2({T’})  =  mi({P})  -|-  m2{{P})) 
and  disconfirmation  belief  masses  (mi2({F})  =  mi({P})  -|-  m2({P})). 

Furthermore,  the  averaging  rule  given  in  Table  5  (Section  3)  does  not  treat  vacuous  bpas 
(the  bpas  that  represent  total  ignorance)  as  neutral  elements  as  other  fusion  operators  do. 
Since  it  is  important  that  a  piece  of  evidence  in  a  total  ignorance  state  should  not  have 
impact  on  the  confirmation/disconfirmation  of  a  proposition,  we  implemented  a  customised 
averaging  rule  in  Influxi  which  can  effectively  and  appropriately  deal  with  vacuous  belief 
functions: 

-  mijeA))  +  m2({A})(l  -  m2(0A))  -  ^ 

(l-mi(0A))  +  (l-m2(0A))  ’  ■  ^  ^ 

From  the  computational  perspective,  a  bpa  m  associated  with  a  proposition  in  Influxi 
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is  defined  only  by  three  numbers,  i.e.,  m{A),  m{A)  and  m{QA)-  This  allows  simplified 
versions  of  the  different  combination  rules  to  be  derived,  significantly  reducing  the  compu¬ 
tational  complexity  of  the  combination  process.  More  specihcally,  in  the  case  of  the  D-S 
rule,  a  reduced  form  of  this  rule  is  given  as 


(o  h)  ®  (c  d) 


ac 

1  —  {ad  +  be) 


Id 

1  —  {ad  +  be) 


(30) 


where  x  =  1  —  x,  and  x,  y  in  {x  y)  denote  Bel{A),  Bel{A)  of  a  proposition  A,  respectively. 
This  particular  representation  of  the  rule  makes  it  possible  to  formulate  an  inverse  function 
[18]  to  subtract  evidence: 


(a  b)  —  (c  d) 


e{ad  —  be)  d{be  —  ad) 

cd  —  bee  —  add  ’  cd  —  bee  —  add 


(31) 


Not  only  does  this  permit  a  significant  speed-up  in  combining  a  large  number  of  belief 
functions  (evidence),  but  the  presence  of  the  inverse  formula^®  allows  the  belief  for  a 
concept  to  be  efficiently  updated  (recomputed  by  subtracting  the  belief  of  the  evidence 
to  be  removed,  and  then  re-fusing  with  the  belief  of  the  new  evidence)  without  having  to 
repeat  the  whole  combination  process^®. 


Provided  below  is  a  discussion  regarding  the  potential  usage  of  a  number  of  combination 
rules  implemented  in  Influxi.  In  particular,  it  provides  some  suggestions  on  the  applicabil¬ 
ity  of  combination  rules  in  Table  9  as  the  fusion  operator  in  the  various  scenarios  depicted 
in  Figure  12. 


Combination  of  belief  from  independent  sources  In  the  typical  situations  depicted 
in  Figures  12a  and  12b,  the  beliefs  propagated  to  D  {A  ^  D,  B  ^  D,  C  ^  D)  come  from 
independent  sources,  (T)-typed  operators  are  the  most  appropriate  ones  to  combine  belief 
for  D.  Provided  that  the  sources  are  reliable  (Figure  12a),  the  D-S  and  D-P  rules  are  the 
recommended  operators.  The  D-S  rule  emphasises  consensus  between  and 

proportionally  promotes  the  states  of  D  in  agreement.  On  the  other  hand,  the  D-P  rule 
emphasises  both  consensus  and  conflict  —  it  captures  ‘hard’  consensus  between  opinions 
and  distributes  conflict  mass  to  the  relevant  disjunctive  state  (or  ignorance,  in  the  case  of 
Influxi  —  thus  equivalent  to  Yager’s  rule).  For  instance,  an  application  of  the  D-S  and 
D-P  rules  to  the  example  in  Figure  11  would  produce  the  following  combined  opinions 
{m^^  and  ,  respectively)  about  Computer On{X): 

mEHiC})  =  0.49, 
mEH{C})  =  0.49, 

mEH^c)  =  0.02; 


^®Indeed,  an  inverse  formnla  exists  for  the  class  of  non-dogmatic  bpas  —  thanks  to  Dr.  Martin  Oxenham 
for  pointing  this  out  to  us. 

^®The  inverse  formula  for  the  D-S  rule  is  not  currently  implemented  in  Influxi  due  to  the  fact  that  there 
does  not  yet  exist  such  a  formula  for  the  other  combination  rules.  However,  the  inverse  formula  can  be 
added  to  a  future  version  of  Influxi  as  an  optimisation  feature,  if  desired. 
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Evidence  type 

Operator  type 

Specific  operator 

Evidence  from  independent  sources 

© 

0OS 

(D-S  rule) 

(D-P  rule) 

©^ 

(disjunctive  rule) 

Evidence  from  dependent  or  partially  de¬ 
pendent  sources 

(cautious  rule) 

(semi-cautious  rule) 
(averaging  rule) 

Independent  evidence  from  a  common 
source 

© 

(cumulative  rule) 

Evidence  from  mutually  exclusive  sources 

©c 

(cautious  rule) 

© 

(summation  rule) 

Table  9:  Major  fusion  operators  implemented  in  Influxi  and  their  notations  used  in  this 
document;  where  (T),  and  (§)  stand  for  independent,  dependent,  cumulative 

and  summation,  respectively.  Please  note  that  as  given  in  Table  5,  not  all  of  the 
fusion  operators  illustrated  here  are  both  commutative  and  associative  (i.e.,  the 
averaging  rule  is  not  associative  and  the  DP-rule  is  quasi- ass ociativ e) .  However, 
associativity  for  these  rules  is  achieved  in  the  implementation  of  Influxi  through 
different  treatment  of  the  non-associative/ associative  components  of  the  rules. 


and 

mc^{{C})  =  0.17, 

=  0.17, 

'fnc^iQc)  =  0.66. 

This  example  suggests  that  the  use  of  the  D-S  rule  is  recommended  in  a  general  case  where 
the  information  sources  are  somewhat  expected  to  provide  diverging  opinions.  However, 
when  snch  divergence  may  suggest  some  abnormality  or  suspicious  event  that  needs  to  be 
captured,  the  D-P  rule  may  become  more  useful.  When  there  are  no  conflicts  among  the 
opinions,  the  two  rules  produce  exactly  the  same  results^^. 

In  some  extreme  scenarios  (Figure  12b)  where  some  of  the  sensors  are  known  (or  assumed) 
not  to  provide  correct  information  (e.g.,  due  to  sensors  being  broken)  bnt  knowledge  of 
the  specific  unreliable  sources  is  unavailable,  the  more  appropriate  fusion  operator  to  use 
in  this  case  would  be  the  disjunctive  rule  ((L)^).  The  disjunctive  rule  of  combination 
resolves  the  problem  of  combining  opinions  (e.g.,  m^,  and  m^)  potentially  provided 
by  unreliable  sources  by  distributing  the  belief  masses  associated  with  partial  agreement 

^^Please  note  that  in  both  cases  the  degree  of  conflict  associated  with  the  belief  functions  being  combined 
can  be  captured  in  the  K  value  presented  in  Section  3. 
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and  conflict  between  the  opinions  to  the  relevant  disjunctive  states  of  the  proposition  D 
(or  ignorance,  in  the  case  of  Influxi).  In  general  the  disjunctive  rule  operates  in  a  very 
cautious  manner  (promoting  ignorance) ,  and  should  only  be  used  when  necessary  —  when 
most  of  the  sensors  are  well  known  to  be  possibly  unreliable. 


D-P  mi.') 
(a) 


luireliable  sources 


(p.g..  disjunctive  rulf) 

(h) 


Figure  12:  An  illustration  of  various  scenarios  pertaining  to  belief  combination.  In  this 
figure,  the  belief  associated  with  the  information  sources  for  a  proposition  serve 
as  evidence  for  the  proposition.  For  instance,  the  belief  associated  with  A,  B 
and  C  in  (a)  are  evidence  which  provide  multiple  opinions,  m^,  and  rn^, 
about  D. 


Combination  of  belief  from  (partly)  dependent  sources  In  circumstances  where 
the  belief  propagated  comes  from  non-independent  sources  (Figures  12c  and  12d),  (D)-typed 
operators  can  in  turn  be  leveraged. 

•  With  respect  to  Figure  12c,  the  beliefs  to  be  combined  at  E  can  all  be  considered  to 
be  provided  by  the  same  source  A,  but  each  ‘relayed’  through,  and  adjusted  by  B, 
C  and  D.  Thus  it  is  plausible  in  this  case  to  ‘average  out’  the  belief  propagated  to 
E  from  B,  C  and  D,  justifying  the  use  of  the  averaging  rule. 

•  Regarding  Figure  12d,  the  direct  information  sources  of  F  assume  a  form  of  partial 
dependency  (i.e.,  the  belief  associated  with  E  is  influenced  by  only  C  while  that 
associated  with  D  is  influenced  by  A,  B  and  C),  the  applicability  of  the  averaging 
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rule  presented  above  (which  assumes  an  equal  credibility  of  rrip  and  rrip)  seems  less 
justified  in  this  case. 


—  Customising  the  averaging  rule  One  possible  solution  is  to  customise  the 
averaging  rule  and  include  in  its  formula  the  so-called  importance  weights 
which  reflect  the  relative  importance  of  each  belief  function  to  be  combined 
rrii  based  on  the  degree  of  dependency  between  their  sources.  For  instance, 
given  the  importance  weights  for  and  as  and  p,2,  and  gi2  can  be 
computed  as  1  and  respectively,  according  to  the  number  of  sources  feeding 
evidence  to  D  and  E.  Then  can  be  combined  through  an  incorporation 

of  and  /i2  into  the  averaging  rule  in  Eq.  (29)  as  follows: 


(0a))  +  /X2mf  ({A})(1  -  m§,{&A)) 
^i(l  -  m^(0A))  +  /i2(l  -  rnf{QA)) 


(32) 


—  Utilising  the  cautious  rule  Another  possible  option  is  to  utilise  the  cau¬ 
tious  rule.  In  some  specific  scenarios,  the  cautious  rule  is  able  to  deal  with 
non-distinct  and  non-independent  evidence  by  avoiding  counting  each  body  of 
evidence  more  than  once,  due  to  its  idempotency.  In  a  general  setting,  the  rule 
manages  the  evidence  dependency  problem  by  operating  in  a  ‘cautious’  man¬ 
ner.  For  instance,  the  rule  hrst  decomposes  rrip  and  mp  into  a  collection  of 
simple  bpas,  {?7if;’({F})}  and  {mp({F})},  and  then  recombines  the  two  simple 
bpas  that  provide  the  maximal  support  for  {F}  or  {F}.  However,  the  rule 
assumes  a  strong  evidence  dependency  and  at  times  can  be  too  ‘cautious’.  The 
adequacy  of  the  cautious  rule  is  somewhat  diminished  when  the  opinions  or 
pieces  of  evidence  have  overlapping  information  sources,  and  are  thus  only  in 
a  partial  dependency  relationship.  To  this  end,  Influxi  also  offers  a  so-called 
semi-cautious  rule  (presented  below)  to  deal  with  such  situations.  The  use¬ 
fulness  of  the  semi-cautious  rule  prevails  in  cases  where  the  network  structure 
is  complex,  rendering  the  measurement  of  evidence  dependency  nontrivial  or 
infeasible. 


The  semi-cautious  rule 

As  previously  described,  the  cautious  and  D-S  rules  represent  both  extremes 
of  information  fusion  with  respect  to  the  dependence  of  evidence.  On  the  one 
hand,  a  cautious  rule  is  able  to  fuse  dependent /identical  evidence.  On  the  other 
hand,  the  D-S  rule  mandates  that  the  evidence  be  distinct  and  independent. 
To  fuse  partially  dependent  evidence,  one  would  need  to  find  an  intermediate 
between  these  extremes.  The  idea  underpinning  the  semi-cautious  rule  is  based 
on  the  study  by  Denoeux  [8]  who  proposed  to  replace  the  minimum  operator 
in  the  cautious  rule’s  formula  (see  Table  6)  with  a  parameterised  family  of 
triangular- norms  (or  t-norms)^®  on  [0,  1].  One  such  family  of  t-norms  is  the 
Dubois-Prade  family  dehned  as: 

xTj^^y  = - ^ - r,  where  T  is  a  a  t-norm  and  7  G  [0, 1]  (33) 

'  max[x,y,'y) 

t-norm  is  a  generalisation  of  set  intersection.  Mathematically,  a  t-norm  can  be  defined  as  a  func¬ 
tion  from  [0, 1]  X  [0, 1]  to  [0, 1]  with  the  following  fundamental  properties:  commutativity,  monotonicity, 
associativity  and  neutrality  of  1. 
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which  include  the  product  and  minimum  t-norms  as  special  members.  When  T 
is  the  minimum  operator  (i.e.,  7  =  0),  one  obtains  the  cautious  rule.  Conversely, 
when  T  is  the  product  (i.e.,  7  =  1),  one  has  the  D-S  rule.  In  Influxi,  the  value 
for  7  is  encoded  as 

7  =  max{x,  7/)  +  (1  —  max{x,  y))  *  0.5,  (34) 

thereby  achieving  the  semi-cautious  rule.  The  fusion  result  of  this  rule  is  inter¬ 
mediate  between  that  of  the  cautious  and  D-S  rules,  therefore  appropriate  for 
combining  beliefs  from  partly  dependent  sources. 


Combination  of  belief  pertaining  to  independent  pieces  of  evidence  from  a  com¬ 
mon  source  The  cumulative  operator  should  be  used  when  the  beliefs  being  combined 
are  induced  by  distinct  and  independent  evidence  from  a  common  source.  As  illustrated 
in  Figure  12e,  the  sensor  A  is  monitoring  and  regularly  reporting  information  pertaining 
to  i?  in  a  temporal  manner.  For  example,  TcpDump  reports  regularly  at  each  time  point 
ti  within  a  time  window  t  whether  it  has  observed  packets  generated  from  the  computer 
X.  Since  each  observation  at  A  is  carried  out  at  the  time  ti,  it  is  distinct  and  independent 
from  each  other,  yet  provided  by  the  same  source  A.  It  is  intuitive  and  plausible  in  this 
particular  case  to  compute  the  belief  associated  with  B  for  a  specihc  time  window  t  by 
accumulating  all  the  opinions  from  Aio  B  during  the  time  window  (i.e., 
and  justifying  the  use  of  the  cumulative  rule  in  this  case. 


Combination  of  belief  from  mutually  exclusive  sources  As  discussed  in  Section 
4. 1.1. 3,  the  BFoDs  associated  with  mutually  exclusive  propositions  can  be  viewed  as  coars¬ 
enings  of  an  implicit  frame  D.  For  instance,  assuming  that  A,  B  and  C  in  Figure  12f 
constitute  an  exhaustive  set,  their  respective  BFoDs,  ©a  =  {A,  A},  @b  =  {B,B}  and 
©C  =  {C,C},  are  considered  coarsenings  of  U  =  {A,B,C}.  Specifically,  A,  B  and  C 
correspond  to  elements  (or  singleton  subsets)  of  D,  and  A,  B  and  C  correspond  to  {B,  C}, 
{A,  C}  and  {A,  B},  respectively.  Combination  of  beliefs  associated  with  D  can  be  treated 
in  the  two  following  ways,  which  one  is  to  be  used  depends  on  the  relationship  dehned 
between  each  of  Qa,  ©Bj  ©c  and  ©£>. 

•  Provided  that  the  relationship  between  an  information  source  (e.g.,  A)  and  D  is 
defined  for  all  elements  of  ©^  (i-e.,  A  and  A),  then  the  opinion  propagated  from  A 
to  D  {m^)  can  be  considered  an  approximation  of  the  opinion  to  D  from  its  refined 
frame  D  (m)^).  To  this  end,  m^,  and  would  correspond  to  variations  of  the 
same  opinion  m^.  Thus  it  is  plausible  to  combine  the  opinions  using  the  cautious 
rule  which  treats  the  opinions  as  carrying  overlapping/duplicate  information  in  the 
combination  process. 

•  Alternatively,  the  relationship  between  an  information  source  (e.g.,  A)  and  D  may 
be  only  dehned  for  A  (i.e,  given  A,  it  is  ignorant  about  D).  As  such,  the  opinions 

and  do  not  represent  variations  of  the  opinion  from  D,  but  correspond 
to  the  ‘elementary’  opinions  induced  by  individual  elements  of  D.  In  this  case,  m^, 
and  have  an  additive  effect  on  D  and  thus  should  be  combined  using  the 
summation  rule. 
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I 
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Figure  13:  An  illustration  that  distinguishes  the  use  of  the  ‘and’  operator  to  (i)  com¬ 
bine  opinions  propagated  to  Inaccessible{X)  from  different  information  sources 
(i.e.,  Amf  as  in  (a))  with  the  use  of  the  operator  to  (ii)  combine  the  infor¬ 
mation  sources  themselves  (i.e.,  mL  Amp  as  in  (b))  before  propagating  belief 
to  Inaccessible{X) .  The  latter  situation  is  appropriate  and  valid  where  the 
conditions  Locked{X)  and  PasswordLost{X)  have  a  synergistic  effect  on  the 
proposition  Inaccessible{X) . 


4.3.2  Belief  combination  pertaining  to  conditions 

When  P  may  be  predicted  by  of  one  or  more  conditions  C  =  {Ci,C2, . . .  ,Cn},  the  operator 
that  combines  the  beliefs  induced  by  C  on  P  should  reflect  the  sufficiency  and/or  necessity 
of  the  conditions  with  respect  to  P.  To  this  end,  belief  combination  can  be  performed  using 
the  various  operators  presented  in  Table  7  (Section  4. 1.1. 3)  in  place  of  fusion  operators. 
Practically,  such  operators  can  be  utilised  in  one  of  two  ways:  (i)  constructing  a  new 
proposition  (or  condition)  C'  from  Ci  (if  elements  in  C  collectively  constitute  a  condition 
for  P),  and  (ii)  combining  the  beliefs  (or  opinions)  induced  by  each  Ci  on  P  (if  elements 
in  C  serve  as  individual  conditions  for  P). 


Elements  in  C  collectively  constitute  a  condition  for  P  The  influence  on  P  from  C 
in  this  case  is  captured  in  a  single  relation.  This  requires  a  new  proposition  C'  constructed 
from  Ci  as  discussed  in  Section  4. 1.1. 3,  and  a  specified  relationship  between  C  and  P. 
Examples  are  shown  in  Figures  13b  and  14b.  This  approach  is  generally  applicable  in  the 
following  scenarios. 


•  The  truth  of  all  the  conditions  Ci  in  C  has  a  synergistic  effect  on  P  (see  Figure 
13b).  In  this  case,  it  is  necessary  to  construct  a  new  proposition  C  that  reflects 
the  conjunctive  truth  of  Ci  using  an  and-typed  operator.  For  instance,  each  of  the 
propositions  Locked{X)  and  PasswordLost{X)  on  its  own  may  not  have  a  very 
strong  effect  on  whether  the  computer  X  is  currently  inaccessible  (see  Figure  13a). 
However,  the  fact  that  both  of  the  conditions  are  true  has  a  synergistic  effect  on 
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Figure  14-'  An  illustration  that  distinguishes  the  use  of  the  ‘or’  operator  to  i)  combine 
opinions  propagated  to  Compromised{X)  from  different  information  sources 
(i.e.,  m^pVm^p  as  in  (a))  with  the  use  of  the  operator  to  (ii)  combine  the  infor¬ 
mation  sources  themselves  (i.e.,  mp\/mo  as  in  (h))  before  propagating  belief  to 
C omputerOn{X) .  The  latter  approach  is  appropriate  when  the  relationship  be¬ 
tween  ComputerOn{X)  and  its  conditions  PluggedIn{X)  and  OnBattery{X) 
is  not  sensitive  to  the  specific  condition,  or  conditions,  that  are  true. 


the  inaccessibility  of  A,  in  which  case  it  is  necessary  and  important  to  express 
the  influence  among  the  propositions  as  presented  in  Figure  13b.  Expressing  the 
influence  from  C  onto  P  as  depicted  in  Figure  13a  would  not  reflect  the  reality, 
thereby  providing  an  incorrect  answer. 

•  The  truth  of  one  or  more  conditions  Ct  has  an  impact  on  P,  however  the  nature  of 
the  relation  between  C  and  P  is  not  sensitive  to  the  specifle  condition  Ci  that  is  true, 
nor  which  combination  of  Ci  that  is  true  (see  Figure  14b).  In  this  case,  an  or- typed 
operator  (if  Ci  serve  as  alternative  conditions  for  P),  or  the  mean  operator  (if  Ci 
are  neither  necessary  nor  sufficient)  can  be  used  to  construct  the  new  proposition 
C' .  For  instance,  C omputerOn{X)  can  be  considered  confirmed  if  one  or  more  of 
the  conditions  {PluggedIn{X)  and  OnBattery{X))  is  confirmed,  without  a  need 
to  clearly  distinguish  which  condition,  or  which  group  of  conditions,  is  confirmed. 
As  such  the  relationship  between  the  propositions  can  be  modelled  as  presented  in 
Figure  14b. 

When  the  specific  knowledge  pertaining  to  the  strength  of  the  relation  between  each 
element  of  C  and  P  is  unavailable,  this  approach  can  also  be  used  to  approximate  the 
belief  computed  for  P.  Practical  advantages  of  this  approach  include  the  provision  of 
a  simpler  rule  network,  fewer  numerical  values  required  as  input,  and  an  alleviation 
of  the  complexity  associated  with  knowledge  acquisition,  learning  and  training. 


Elements  in  C  serve  as  individnal  conditions  for  P  Each  condition  Ci  may  have 
a  different  impact  on  P,  and  the  impact  on  P  may  be  increased  with  the  number  of  Ci 
that  is  confirmed.  This  requires  a  specified  relationship  between  each  Ci  and  P,  and 
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combination  of  the  beliefs  (or  opinions)  induced  by  Ci  on  P  as  shown  in  Figure  14a.  In 
the  figure,  Compromised{X)  is  confirmed  to  a  degree  of  p  and  q  if  either  of  the  condi¬ 
tions  Unpatched{X)  and  DisabledFirewall{X)  is  confirmed,  respectively.  The  support 
for  Compromised{X)  is  only  increased  (linearly  to  p  and  q)  if  both  Unpatched{X)  and 
DisabledFirewall{X)  are  confirmed.  This  necessitates  the  use  of  the  or  operator  to  com¬ 
bine  the  belief  induced  on  p  from  the  conditions  (as  shown  in  Figure  14a).  Similarly, 
other  operators  in  Table  7  can  be  used  to  combine  the  opinions  from  Ci  according  to  the 
dependence/independence  between  Cj,  and  the  sufficiency /necessity  between  Ci  and  P. 
Exceptions  are  and /  and^'^^  which  are  generally  applicable  when  elements  in  C  collectively 
constitute  a  condition,  and  rarely  find  application  in  the  type  of  combination  discussed  in 
this  approach. 


4.4  Belief  propagation 

The  previous  section  deals  with  aggregating  belief  functions  defined  on  the  same  frame  of 
discernment  induced  by  different  sources  (e.g.,  ttiq  and  in  Figure  15)  for  which  a  col¬ 
lection  of  combination  methods  implemented  in  Influxi  have  been  presented  and  discussed. 
This  section  is  concerned  with  belief  transfer  between  different  frames  of  discernment,  such 
as  belief  transfer  between  rriT  and  m/),  or  between  mp  and  m^.  Here,  the  context  is  that 
while  a  portion  of  propositions  in  the  knowledge  base  receive  evidence  from  dedicated 
sources  or  sensors,  the  majority  of  them  would  receive  no  direct  observations,  and  thus 
assessment  of  their  belief  must  be  inferred  (if  possible)  from  other  propositions.  To  this 
end,  belief  propagation  allows  one  to  infer  the  degree  of  belief  for  those  propositions  which 
the  collected  evidence  do  not  directly  bear  on. 


TcpDuinpiX)  PingiX) 


:  7nf  0  ^  cornbluat  ion 

CoivputcrOn{X ) 


Figure  15:  An  illustration  of  belief  combination  and  belief  propagation. 


Given  any  two  propositions  with  a  dependency  relationship,  such  a  relation  can  be  imple¬ 
mented  as  an  implication  (or  ^if-theC)  rule  which  is  also  associated  with  a  belief  quantifying 
the  strength  of  the  relationship: 

A  A-  B,  where  p  G  [0, 1].  (35) 

For  instance,  the  relation  between  TcpDump{X)  and  C omputerOn{X)  might  be  described 
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as: 

TcpDump{X)  ^  C omputerOn{X) .  (36) 

In  the  Bayesian  probabilistic  interpretation,  p  is  understood  as  a  probabilistic  measure, 
and  Eq.  (35)  is  the  conditional  probability  of  B  given  A.  As  such,  Eq.  (36)  can  be  read 
as:  given  that  TcpDump  observes  packets  from  X,  there  is  an  80%  chance  that  X  is  on, 
directly  entailing  a  20%  chance  that  X  is  off. 

Unlike  the  probabilistic  standpoint,  D-S  reasoning  is  focused  on  providing  ‘provable’  belief 
measuring  the  truth  of  hypotheses/propositions  based  on  the  available  evidence.  To  this 
end,  the  quantity  p  in  Eq.  (35)  is  not  a  probabilistic  measure,  but  a  belief  mass^®  indicating 
the  extent  to  which  B  is  logically  supported  by  the  evidence  A.  In  this  sense,  Eq.  (36) 
can  no  longer  automatically  infer  0.2  as  the  degree  of  support  for  Computer On{X)  since 
the  fact  that  TcpDump  observes  packets  from  X  does  not  serve  as  a  piece  of  evidence 
proving  that  the  computer  X  is  off.  Given  that  TcpDump  observes  packets  from  X  (i.e., 
mT{{T})  =  1,  mT{{T})  =  0  and  mT{&T)  =  0),  it  is  thus  more  appropriate  to  assign  belief 
masses  to  Computer On{X)  (denoted  as  C)  as  follows: 

mciiC})  =  0.8, 

mciiC})  =  0, 

mci&c)  =  m^{{C,C})  =  0.2, 

where  0.8  is  the  degree  of  belief  for  {C}  supported  by  the  available  knowledge  and  evidence, 

{C}  is  currently  not  supported  by  any  evidence,  and  0.2  is  the  amount  of  uncertainty 
waiting  to  be  transferred  to  either  {C}  or  {C}  in  light  of  new  evidence.  As  such,  a  more 
precise  presentation  of  Eq.  (35)  would  be 

A  B  (37) 

where  [p,  1]  corresponds  to  the  belief  interval  [Bel,  PI]  associated  with  the  implication 
rule.  Eor  simplicity  of  notation,  Eq.  (35)  is  usually  used  in  place  of  Eq.  (37)  throughout 
the  document.  In  a  number  of  cases,  the  belief  of  A  may  influence  the  belief  of  both  B  and 
B.  Eor  instance,  one  may  assert  that  if  the  the  computer  X  is  plugged  in,  it  is  believed  to 
be  ‘on’  to  a  degree  of  p.  However,  if  the  person  is  also  aware  that  X  has  loose  cables,  and 
thus  it  may  not  be  on  when  plugged  in  to  a  degree  of  q.  In  this  case,  the  relation  between 
the  two  propositions  is  given  as 

PluggedIn{X)  C omputerOn{X) . 

When  q  =  1  —p  (i.e.,  A  B  ),  the  belief  function  computed  for  B  will  be  equivalent  to 
that  of  the  Bayesian  implication. 


4.4.1  Belief  propagation  functions 

As  stated  above,  Eq.  (35)  corresponds  to  the  standard  logical  implication  which  provides 
an  endorsement  for  the  conclusion  based  on  the  belief  measuring  the  truth  of  the  premise. 

^®Such  a  p  value  in  Influxi  is  also  referred  to  as  a  weight  that  quantifies  the  strength  of  the  relation 
between  any  two  propositions  A  and  B. 
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More  specifically,  on  observing  packets  generated  from  X,  the  sensor  TcpDump  can  predict 
with  a  high  degree  of  confidence  (i.e.,  at  least  80%)  that  a  computer  X  is  on.  Otherwise, 
the  sensor  is  not  able  to  provide  any  information  regarding  this  proposition  (i.e.,  the  fact 
that  TcpDump  has  not  seen  any  packets  from  X  does  not  reveal  information  regarding 
whether  the  computer  is  on). 

In  this  formulation,  belief  can  be  propagated  in  a  similar  way  to  that  of  logical  rule-based 
reasoning  where  the  belief  of  the  premise  (a  simple  or  compound  proposition)  is  aggregated 
with  the  belief  associated  with  the  rule  itself  in  order  to  deduce  the  belief  concerning  the 
conclusion.  Our  concern  here  is  how  to  combine  the  belief  associated  with  the  premise 
with  that  associated  with  the  implication  rule  in  such  a  way  that  it  is  consistent  with  D-S 
theory. 

Since  combination  of  belief  in  the  D-S  framework  is  based  on  set-theoretic  operations,  it 
is  necessary  for  the  belief  functions  being  combined  to  be  defined  on  the  same  frame  of 
discernment  (or  the  same  proposition  in  the  case  of  Influxi).  This  means,  in  order  to 
express  and  perform  the  influence  of  belief  between  A  and  B  in  Eq.  (35)  (each  associated 
with  a  BFoD,  0^1  and  0^,  respectively),  a  new  frame  needs  to  be  created  in  such  a  way 
that  it  can  distinguish  all  the  propositions  in  the  original  frames.  Provided  that  0^  and 
Qb  are  independent,  one  such  frame  is  the  Cartesian  product  of  Qa  and  Qb- 

eA,B  =  {A,B),  (A,B),  {A,B)} 

This  new  frame  is  indeed  a  common  refinement  of  both  0^  and  &b  (more  details  about 
frame  coarsenings  and  refinements  can  be  found  in  Section  3)  on  which  A  and  B  can  be 
both  expressed  using  the  following  mapping  rules: 


Ui 

a;i({A}) 

=  {{A,B),{A,^}, 

(38) 

a;i({A}) 

=  {(A,B),{A,B)}, 

0J2 

^2{{B}) 

=  {{A,B),{A,B)}, 

(39) 

M{B}) 

=  {(a,]b),(a,:b)}. 

Then  by  combining  m(^A,B)  and  (which  defines  the  current  state  of  belief  for  A)  using 
the  D-S  rule,  and  subsequently  reducing  the  resulting  belief  function  on  0^,  one  would 
obtain  which  defines  the  belief  induced  on  B  (as  shown  in  Example  8). 

Example  8  Given  the  implication  rule  in  Eq.  (36),  this  rule  can  be  interpreted 
as  not  T  or  C  (where  T  and  C  denote  TcpDump{X)  and  C omputerOn{X) ,  re¬ 
spectively)  and  expressed  on  0(7’  q  in  the  form  of  the  following  belief  function 
[51]: 

=  0.8, 

"^^,c)(®(T,c))  =  0.2. 

Let’s  assume  that  the  sensor  TcpDump  believes  to  the  degree  of  at  least  90% 
of  certainty  that  it  has  observed  packets  generated  from  X.  Thus  the  bpa 
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associated  with  the  premise  of  Eq.  (36)  is: 

mT({r})  =  0.9, 

'mT{{T})  =  0, 

mj'iQ’j')  —  0.1, 

which  can  be  defined  on  Q(t,c)  using  Eq.  (39)  as 

=  0.9, 

"^^,C)(®(T,C))  =  0.1, 

Expressed  on  the  same  frame  of  discernment,  and  can  now  be 

combined  using  the  D-S  rule.  The  combined  belief  function  that  results  is 

m[^^^)({(r,C)})  =  0.72, 

m[^^^)({(r,c),(r,c)})  =  0.18, 

m[^5,)({(r,C),(T,C),(T,C)})  =  0.08, 

"^™(®(TC))  =  0.02. 

T  R 

By  reducing  on  ©c,  one  obtains  the  following  belief  function  for 

Computer  On{X): 

mc{{C})  =  0.72, 

uT-c({C})  =  0.0, 

mciOc)  =  0.18  +  0.08  +  0.02  =  0.28. 


Indeed,  by  defining  a  relation  between  A  and  B  as  a  belief  function  on  &(^a,b):  Inflnxi 
provides  a  mechanism  to  express  an  arbitrary  relationship  pertaining  to  A  and  B,  rather 
than  being  limited  to  a  ‘strict’  logical  implication  (as  investigated  in  [9],  [17],  [15]  and 
[18]). 

Eor  the  purpose  of  enhancing  the  usability  of  the  tool  and  minimising  the  computational 
overhead  at  run-time,  Inflnxi  reduces  the  need  for  users  to  define  a  relation  between  any 
two  propositions  A  and  B  as  a  belief  function  on  &(^a,b)^  by  providing  a  collection  of  built- 
in  functions  that  capture  a  number  of  potentially  useful  relations  between  propositions 
in  practice.  These  fnnctions  allow  belief  propagation  to  be  directly  carried  out  using  the 
derived  formulas,  thereby  bypassing  the  whole  combination  process  presented  in  Example 
8. 

Table  10  illustrates  a  subset  of  the  common  types  of  relations  between  any  two  propositions 
and  Table  11  exemplifies  how  the  relations  are  formnlated  and  implemented  in  Influxi. 
In  the  case  where  the  known  relationship  between  any  two  propositions  A  and  B  is  more 
complex,  and  thus  cannot  directly  be  captured  using  the  pre-defined  functions  (such  as 
those  presented  in  Table  11),  the  relation  between  A  and  B  could  be  expressed  in  Inflnxi 
using  a  generic  assignment  function  with  additional  parameters: 

B()  =  AS(A()  /  {{pi,  P2},  {qi,  q2},  {ri ,  r2}}) 
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Type  Relation  Relation  descrip-  Example  Example  description 

tion 


Single 

relation 

AA  B 

Relation  between 
the  two  proposi¬ 
tions  is  known 

TcpDump{X)  ^  ComputerOn{X) 

If  TcpDump  observes 
packets  originating 
from  X,  it  is  likely 
that  the  computer  X 
is  on;  otherwise  it  is 
unknown  whether  X 
is  on 

If  p  =  1 

The  above  becomes 
an  is.a  relation 

Ubuntu{X)  A  Linux{X) 

If  X  is  Ubuntu,  X  is 
certainly  Linux. 

Relation  between 
the  negation  of  the 
two  propositions  is 
known 

pluggedIn{X)  A  ComputerOn{X) 

If  the  computer  X  is 
not  plugged  in,  it  is 
certainly  not  on;  oth¬ 
erwise,  it  is  unknown 
if  X  is  on 

Parallel 

relation  ^  ^  B 


Relations  between 
the  two  proposi¬ 
tions,  and  between 
their  negation,  are 
both  known 


Ping{X)  Computer{X), 

Ping(X)  ^  Computer (X) 


If  Ping  receives  a  re¬ 
sponse  from  the  com¬ 
puter  X,  it  is  almost 
certain  that  X  is  on; 
if  Ping  does  not,  it  is 
likely  that  X  is  not  on 


The  above  becomes 
an  equivalent  rela¬ 
tion 


ComputerOn(X)  ^  PowerUsed{X), 
ComputerOn{X)  ^  PowerlJ sed{X) 


If  the  computer  X 
is  on,  it  consumes 
power;  if  it  is  off, 
it  does  not  consume 
power 


A  A  B, 
A-^  B 


Relations  between 
one  proposition 
and  the  negation 
of  the  other,  as 
well  as  between 
the  negation  of  the 
proposition  and 
the  other  propo¬ 
sition,  are  both 
known 


Ping(X)  ^  Firewalled{X)^ 
Ping(X)  ^  Firewalled(X) 


If  Ping  receives  a  re¬ 
sponse  from  an  ac¬ 
tive  computer  X,  it 
is  somewhat  likely 
that  X  does  not  have 
an  active  firewall;  if 
Ping  does  not,  it  is 
likely  that  X  has  an 
active  firewall 


If  p  =  1, 
q  =  l 


The  above  becomes 
a  not  relation 


Classified(X)  A  Unclassified(X), 
Classified(X)  A  Unclassified{X) 


If  X  is  classified,  it  is 
certainly  not  unclas¬ 
sified  and  vice  versa 


If  p  =  1, 

q  =  0, 


The  above  becomes 
an  isjnotm  relation 


Ubuntu{X)  A  RedHat(X)^ 
Ubuntu(X)  A  RedHat{X) 


If  X  is  Ubuntu, 
it  is  certainly  not 
RedHat;  otherwise, 
it  is  unknown  if  X  is 
RedHat 


Table  10:  A  subset  of  common  types  of  relation  between  any  two  propositions. 
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Type 

Relation 

Relation  expression 
on  ©(A,S) 

Direct  formula 

Relation  expression 
in  Infiuxi 

Single 

relation 

B 

mA,B{{(A,B),(A,B),(A,B)})  =  p 

nriB(B)  =p*  mA(A) 

BO=Y(A()/p) 

=  1  -  p 

rriBiB)  =  0 

ms(©s)  =  l-p*mA(^) 

(Yes  transform) 

If  p  =  1 

=  mA{A) 
mB{B)  =  0 
triBiOB)  =  1  -  mA{A) 

BO=Y(A()) 

B()=INC(A()) 

A-^B 

mA,B{{(A,B),{A,B),{A,B)})  =  q 

"ia,/{©(a.s))  =  1-9 

mB{B)  =  0 

rriBiB)  =  q*  mA(A) 

■mB{G>B)  =  l-q*mA{A) 

B()=N(A()/q) 

(No  transform) 

Parallel 

relation 

A^  B, 

mA,Bi{{A,B),(A,B),(A,B)})=p 

rriBiB)  =p*mA{A) 

B()=AS(A()/{p,q}) 

A-^B 

mA,s(©(A,s))  =  1  -  p 

m'^g({{A,B),iA,B),{A,m)  =  Q 
=  1-9 

mB(B)  =  q*  mA(A) 
rriBiOB)  =  l-p*mAiA) 
-q  *  mA{A) 

(Assignment) 

lip  =  q 

mB(B)  =p*mA{A) 
mB(B)  =p*mA{A) 
rriBiOB)  =  l-p*mAiA) 

BO  =  AS(AO/p) 

A^B 

A-^B 

mA,Bi{{A,B),(A,B),(A,B)})  =  p 
mA,B(©(A,S))  =  1  -  p 
m'^g({{A,B),{A,B),{A,B)})  =  q 
"^a,b(©(A,b))  =  1-9 

mB(B)  =  p*  mA(A) 
mB{B)  =  q*  mA(A) 
mB(Q>B)  =  l-p*mA{A) 
-q  *  mA{A) 

B()=N0T(A()/{p.q}) 
(Not  transform) 

II  II 

mB{B)  =  niAiA) 

thbIB)  =  mA(A) 
ms(©s)  =  »nA(©A) 

BO=N0T(AO) 

If  p  =  1, 
q  =  0 

mB(B)  =  mA(A) 

ttibIB)  =  0 
mBi&B)  =  1  -  rriAiA) 

BO=N0T(AO/{l,0}) 

BO=N0T^INC(AO) 

Table  11:  An  illustration  of  how  the  relations  presented  in  Table  10  are  formulated  and 
implemented  in  Infiuxi.  Given  in  the  first  and  second  columns  are  the  types  of 
relation  between  the  two  propositions  A  and  B;  given  in  the  third  column  is  the 
representation  of  the  relations  in  the  form  of  belief  functions  on  0(a,_b):'  detailed 
in  the  fourth  column  are  the  direct  formulas  to  compute  belief  for  B  derived 
from  the  combination  process  presented  in  Example  8,  and  presented  in  the  last 
column  are  the  corresponding  expressions  in  Influxi. 
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which  defines  a  wide  range  of  relations  between  A  and  B: 

/I  ’4-’"'  B, 

a 4-®'  B, 

{a:4)'"4-”'  b. 

Here,  pi  and  p2  indicate  the  extent  to  which  B  is  believed  to  be  confirmed,  or  disconfirmed, 
by  A]  qi  and  q2  the  extent  to  which  B  is  believed  to  be  confirmed,  or  disconfirmed,  by 
A,  and  ri  and  r2  the  extent  to  which  B  is  believed  to  be  confirmed,  or  disconfirmed, 
by  {A,  A}  (or  ©a),  respectively.  This  allows  the  belief  to  be  computed  for  B  using  the 
following  formulas: 

m{B) 
m{B) 
m{QB) 

4.4.2  Utility  functions 

Beyond  the  collection  of  functions  implemented  for  the  specific  purpose  of  proposition 
construction,  belief  combination  and  belief  propagation  as  presented,  Influxi  also  provides 
a  number  of  utility  functions.  These  utility  functions  exist  to  provide  users  with  ways 
to  manipulate  belief  masses  associated  with  propositions  in  ways  that  may  be  useful  for 
various  applications.  For  instance,  the  conflict  function  (to  measure  the  degree  of  internal 
conflict  within  a  belief  between  a  proposition  and  its  negation) ,  and  the  ignorance  function 
(to  measure  the  degree  of  ignorance  in  a  belief  function). 


=  Pi  *  m{A)  +  qi  *  m{A)  +  n  *  m{QA),  (40) 

=  p2*m{A)  +  q2*m{A) +  r2*rn{QA), 

=  1  —  m{B)  —  m{B) . 


4.5  A  brief  discussion  of  other  reasoning  aspects 

In  this  section,  we  briefly  mention  other  reasoning  aspects  of  Influxi  which  are  not  among 
the  main  topics  of  discussion  in  the  document,  including  forward  and  backward  chaining, 
dynamic  knowledge  and  belief  change,  utilisation  of  predicate  calculus,  and  interfaces  to 
external  programs. 

4.5.1  Forward  and  backward  chaining 

Forward  chaining  is  a  process  for  propagating  belief  updates  to  related  propositions  (via 
directed  links),  instantiating  new  propositions  if  possible.  Forward  chaining  occurs  when¬ 
ever  the  belief  for  an  existing  proposition  changes,  or  a  new  proposition  is  instantiated. 
As  an  optimisation,  only  belief  changes  with  a  magnitude  that  exceeds  a  threshold  T  are 
forward  propagated.  Since  the  impact  of  a  belief  change  may  diminish  through  multiple 
propagations,  this  can  become  a  significant  efficiency  gain,  especially  in  large  networks. 

Conversely,  beginning  with  a  proposition  being  queried,  backward  chaining  is  a  process  for 
instantiating  new  propositions  as  required  to  derive  the  query  result,  following  directed 
links  in  a  backward  direction.  This  may  occur  when  a  proposition  is  queried  that  is  not 
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yet  instantiated.  When  new  propositions  are  instantiated  as  a  result  of  backward  chaining, 
forward  chaining  for  each  such  proposition  will  occur. 


4.5.2  Dynamic  knowledge  and  belief  change 

Influxi  is  designed  to  operate  in  real-time  with  dynamic  knowledge  and  beliefs.  More 
specihcally,  Influxi  supports  the  following  operations  during  run  time; 


•  belief  values  for  propositions  can  be  changed, 

•  propositions  can  be  added,  or  removed,  and 

•  rules  (that  define  proposition  construction,  belief  propagation,  or  belief  combination) 
can  be  added. 


The  above  operations  may  be  followed  by  forward  and  backward  chaining  processes  to 
automatically  instantiate  and  update  beliefs.  Unless  an  entire  network  of  propositions 
is  removed,  the  removal  of  a  proposition  might  be  inhibited  by  the  network  dependency 
structure.  In  such  a  case,  effective  removal  may  instead  be  achieved  by  assigning  a  fixed 
belief  of  ignorance  to  the  proposition. 


4.5.3  Representing  knowledge  with  predicates  and  variables 

For  many  purely  numerical  approaches  for  reasoning  under  uncertainty,  propositional  rep¬ 
resentations  are  used.  With  such  a  representation,  each  relation  must  be  explicitly  stated 
for  each  object  in  a  domain: 

if  one  can  ping  1.1. 1.1,  it  is  likely  that  the  computer  at  1.1. 1.1  is  on, 

if  one  can  ping  1.1. 1.2,  it  is  likely  that  the  computer  at  1.1. 1.2  is  on, 

if  one  can  ping  1.1. 1.3,  it  is  likely  that  the  computer  at  1.1. 1.3  is  on, 

etc. 

Instead,  Influxi  adopts  the  predicate  calculus,  where  a  predicate  acts  as  a  template  that 
describes  a  property  or  relationship  represented  by  variables  (denoted  by  the  prefix  $), 
allowing  a  relation  to  be  stated  for  all  objects  in  a  domain: 

if  one  can  ping  %Address,  it  is  likely  that  the  computer  at  %Address  is  on, 

(i.e.,  Ping{$Address)  — >•  ComputerOn{% Address)). 

A  predicate  may  be  associated  with  n  variables  (n-ary  predicate).  Unary  predicates 
(n  =  1)  are  used  to  describe  a  property  or  membership  of  instances  represented  by  the 
variable,  such  as  C omputerOn{% Address) ,  and  n-ary  predicates  (n  >  1)  are  used  to  ex¬ 
press  relationships  among  variables,  such  as  Communicating{%Sender,%Receiver).  The 
scope  of  such  variables  is  limited  to  the  specific  relation  in  which  they  appear,  e.g.,  the 
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variables  $Sender  and  ^Receiver  in  the  following  relation  only  take  on  values  within  the 
relation: 

S ending Packet{% Sender,  %Receiver)  — )■  Communicating{% Sender,  ^Receiver). 

To  enable  reasoning  across  contexts,  Influxi  supports  the  use  of  structured  predicate  names 
to  embed  contextual  information.  In  the  example  below  which  states  whether  the  software 
MozillaFirefox  is  installed  on  the  computer  fileserver.  Installed  carries  the  semantics 
defined  in  the  context  of  Computer. Software: 

Computer.Software.Installed{fileserver,  MozillaFirefox). 

4.5.4  Distributed  reasoning 

Influxi  also  supports  the  distribution  of  reasoning,  desirable  for  large  reasoning  tasks  and 
applications  benefitting  from  decentralisation.  With  this  capability,  a  reasoning  network 
can  be  divided  into  fragments  each  stored  and  executed  in  one  or  more  Influx  instances. 
The  collection  of  such  instances  is  distributed  among  a  pool  of  computers,  sending  and 
receiving  knowledge,  and  coordinating  the  results  from  each  other  in  order  to  perform  a 
certain  global  task.  Not  only  does  this  allow  for  rapid  reasoning  and/or  reasoning  at  scale, 
but  it  also  provides  flexibility  and  redundancy  to  enhance  system  resilience  and  robustness 
against  intentional  or  accidental  incidents. 

4.5.5  Interfaces  to  external  programs 

Not  all  types  of  problems  are  naturally  suited  to  being  entirely  modelled  and  implemented 
within  Influxi .  In  general,  problems  such  as  those  that  require  complex  control  knowledge 
with  significant  looping,  branching  and  dependent  subprocesses,  or  that  call  for  compli¬ 
cated  arithmetic  computation,  would  be  difficult  to  solve  entirely  within  Influxi.  Such 
problems  might  be  solved  at  a  meta-level  by  having  an  external  program  that  interacts 
with  instances  of  Influxi.  As  such,  Influxi  is  intended  to  work  in  conjunction  with  exter¬ 
nal  programs,  such  as  other  reasoning  engines  and  control  programs.  To  this  end,  Influxi 
provides  a  number  of  interfaces  (currently  Unix  pipes,  network  sockets.  Influx  files  and 
the  console)  that  provide  common  services.  This  allows  an  application  to  be  built  more 
naturally,  where  each  tool  is  used  to  its  particular  strength. 
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5  Final  discussion  and  remarks  about  Influxi 

Influxi  is  a  simple,  but  highly  flexible  and  efficient,  tool  and  framework  for  general  reason¬ 
ing  with  uncertainty.  More  specifically,  Influxi  is  capable  of  handling  imperfect  knowledge, 
operating  in  a  distributed  and  dynamic  manner,  while  attaining  plausible  reasoning  due 
to  its  various  methods  to  represent  and  deal  with  uncertainty  formulated  based  on  D-S 
theory.  The  design  and  development  of  Influxi  is  driven  by  the  practical  objectives  stated 
at  the  beginning  of  the  document.  The  following  discussions  and  remarks  are  with  respect 
to  these  objectives.  Empirical  results  for  the  application  of  Influxi  to  certain  problems  of 
interest  may  be  found  in  a  forthcoming  document. 


Flexibility  The  flexibility  of  Influxi,  due  to  a  large  extent  to  the  utilisation  of  D-S  belief 
representation,  fusion  and  inference,  manifests  in  many  aspects: 


•  Regarding  input  knowledge,  unlike  classical  reasoning  (which  treats  knowledge  with 
an  absolute  certainty)  and  those  reasoners  based  on  probability  theory  (which  de¬ 
mands  ‘completeness’  of  knowledge),  Influxi  is  able  to  represent  and  reason  with 
uncertain  and  incomplete  knowledge.  In  other  words,  users  are  only  required  to  pro¬ 
vide  information  that  is  available.  If  a  piece  of  knowledge  is  known  with  an  absolute 
certainty,  it  can  be  entered  into  Influxi  as  a  fact.  Conversely,  if  the  piece  of  knowl¬ 
edge  is  associated  with  a  specific  degree  of  uncertainty,  the  uncertainty  pertaining 
to  the  knowledge  can  be  quantified  in  the  form  of  objective  probability  if  relevant 
statistical  data  exists,  or  subjective  belief  if  such  statistical  information  is  missing 
but  expert  knowledge  is  available.  In  the  cases  where  statistical  information  or  ex¬ 
pert  knowledge  is  available  but  not  complete,  one  is  able  to  provide  such  knowledge, 
or  simply  state  ‘total  ignorance’  in  the  absence  of  all  the  mentioned  knowledge  or 
information. 

•  With  respect  to  knowledge  structure,  Influxi  allows  a  wide  range  of  relations  between 
propositions  to  be  expressed.  For  usability  and  efficiency  purposes,  direct  formulas 
for  a  number  of  commonly  encountered  relations  between  propositions  are  derived 
and  implemented  in  Influxi  in  the  form  of  built-in  functions  available  for  users. 
Influxi  also  supports  dynamic  knowledge  structures,  with  rules  having  a  variable 
number  of  inputs  (or  information  sources). 

•  In  terms  of  reasoning,  the  D-S  based  inference  in  Influxi  is  capable  of  simplifying  into 
probabilistic  reasoning,  or  reducing  to  three-valued  logical  reasoning  in  a  seamless 
manner  at  any  time  during  its  execution  as  demanded  by  the  users  or  warranted  by 
the  situations.  The  reasoning  framework  of  Influxi  can  also  be  directly  extended  to 
facilitate  inferences  in  different  modalities,  e.g.,  inferencing  in  a  possibilistic  manner 
where  observations  are  specified  in  a  form  of  ‘possibilistic  evidence’  and  the  D-S 
rule  replaced  by  a  possibilistic  fusion  operator,  or  deductive  reasoning  with  binomial 
opinions  using  subjective  logic  where  belief  combination  is  to  be  carried  out  using 
Jpsang’s  consensus  rule. 

•  With  respect  to  output  knowledge,  Influxi  provides  a  rich  and  informative  inter¬ 
pretation  of  knowledge.  It  provides  information  which  indicates  both  the  degree  to 
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which  a  proposition/hypothesis  is  believed  to  be  true  based  on  the  available  evidence 
(by  means  of  the  belief  interval  [Bel,  PI])  and  the  degree  to  which  the  proposition  is 
probably  true  (by  means  of  the  BetP  function).  Reasoners  based  on  Bayesian  models 
are  usually  capable  of  providing  answers  only  for  the  latter  case. 

•  Influxi  also  allows  developers  to  capture  the  degree  of  conflict  among  pieces  of  ev¬ 
idence  or  knowledge.  Not  only  does  Influxi  offer  various  ways  to  resolve  conflicts 
that  best  suit  the  specific  applications  and  situations  at  hand,  but  it  is  also  the 
case  that  the  captured  degree  of  conflict  itself  can  potentially  play  an  important  role 
in  detecting  abnormality  and  deception.  For  instance,  a  deception  model  could  be 
built  within  or  on  top  of  Influxi  which  utilises  application/domain-specific  knowl¬ 
edge  regarding  the  information  sources  and  hypotheses  (or  propositions)  of  interest, 
together  with  the  relevant  conflicts  dynamically  captured  at  run-time  in  order  to 
detect  suspicious  events  and  phenomena. 

•  Influxi  provides  interfaces  with  common  services,  allowing  other  programs  and  tools 
to  interact  with  instances  of  Influxi.  This  allows  each  portion  of  a  problem  to 
be  solved  using  the  most  appropriate  approach,  utilising  Influxi  and  other  programs 
where  favourable,  providing  greater  flexibility  in  solving  problems  with  the  assistance 
of  Influxi .  These  same  interfaces  also  allow  multiple  instances  of  Influxi  to  interact 
with  each  other,  which  encourages  modular  and  distributed  solutions  for  further 
flexibility. 


Efficiency  The  efficiency  of  Influxi  is  due  to  the  combination  of  highly-optimised  tech¬ 
niques  and  methods  for  data  storage  and  algorithms  utilised  at  the  implementation  level, 
and  the  simplicity  of  the  design. 

•  Regarding  the  implementation  of  Influxi,  the  achieved  high  performance  is  due  to 
its  use  of  Hold  (a  multiple  key  hash  table  implementation  with  Bloom  filters)  that 
enables  rapid  lookup,  search  and  match  operations  (for  knowledge  queries  and  rules), 
and  the  compact  storage  of  knowledge,  the  details  of  which  are  for  another  document. 

•  Regarding  the  high-level  design,  Influxi ’s  efficiency  is  gained  through  local  compu¬ 
tations  and  the  utilisation  of  coarsened  (binary)  frames  of  discernment  to  represent 
the  portion  of  the  discernment  space  of  interest.  This  allows  the  derivation  of  sig¬ 
nificantly  simplified  formulas  for  all  DS-related  rules  and  inferences. 

Unlike  a  number  of  existing  rule-based  systems  which  do  not  (or  to  a  limited  degree) 
take  into  account  the  potential  dependency  of  evidence  being  combined,  Influxi 
capitalises  on  state-of-the-art  fusion  methods  and  techniques  in  the  literature  in 
providing  users  with  mechanisms  to  more  effectively  tackle  this  problem.  More 
specifically,  the  reasoner  offers  a  range  of  operators  that  allow  users  to  combine  beliefs 
induced  from  independent  sources,  from  dependent  sources,  and  to  approximate  the 
combination  result  when  the  dependency  of  evidence  is  potentially  complex  beyond 
what  can  be  captured  and  expressed  in  an  intuitive  and  plausible  manner. 

Scalability  Though  the  use  of  numerical  values  for  uncertainty  representation  is  con¬ 
venient  and  useful,  quantitative  approaches  often  raise  practical  concerns  about  the  po¬ 
tentially  large  number  of  numerical  values  that  are  involved  and  their  required  precision, 
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which  can  hamper  both  the  knowledge  acquisition  process  and  the  efficiency  of  reasoning. 
However,  such  concerns  appear  not  to  pose  a  significant  hindrance  to  Influxi  based  on  the 
following  grounds. 

•  The  former  concern  (regarding  the  number  of  numerical  values  required)  is  commonly 
discussed  in  the  context  of  the  practical  application  of  (classical)  probabilistic  mod¬ 
els.  Such  probabilistic  models  require  either  a  global  probability  distribution,  or 
joint  probability  distributions  (e.g.,  Bayesian  networks)  where  the  number  of  nu¬ 
merical  values  required  is  exponential  to  the  number  of  all  variables  involved  (in  the 
former  case)  or  to  the  number  of  parents  for  the  child  (in  each  latter  case).  Such 
distributions  are  not  required  in  Influxi.  Instead  of  requiring  one  to  assume  that 
any  relation  between  two  or  more  propositions  is  certain  and  deterministic,  Influxi 
endows  one  with  a  capability  to  express  his/her  belief  (by  means  of  numerical  val¬ 
ues)  when  this  is  not  the  case.  Therefore,  the  number  of  numerical  values  is  only 
linear  to  the  number  of  uncertain / indeterministic  relations  in  the  rule  network  (or 
the  number  of  such  parents  for  a  child). 

•  With  respect  to  the  latter  concern  about  the  necessary  precision  of  the  numerical 
values,  empirical  experiments  which  studied  the  necessary  precision  of  numerical 
values  to  measure  uncertainty  in  quantitative  reasoning  (conducted  with  Bayesian 
networks  [26,  40])  have  shown  insensitivity  to  the  precision  of  those  values.  Thus 
approximations  that  distinguish  different  degrees  of  certainty,  rather  than  precise 
reflections  of  reality,  can  be  considered  sufficient  when  using  Influxi  in  many  practical 
cases.  For  instance  when  a  precise  measure  is  not  available,  it  might  be  possible  for 
one  to  devise  a  scheme  to  approximate  numerical  measures  of  uncertainty  based  on 
qualitative  measures  such  as 

impossible  <  unlikely  <  ...  <  maybe  <  often  <  ...  <  usually  <  likely  <  certainly 
where  <  denotes  the  relative  degree  of  strength. 


System  dynamics  Influxi  has  been  developed  to  support  dynamic  applications.  There 
is  no  pre-processing  or  initialisation  phase,  and  changes  to  the  system  can  be  made  at 
any  time  without  incurring  significant  penalty.  This  is  achieved  by  supporting  changes  to 
beliefs  and  knowledge  in  real-time,  with  forward  and  backward  chaining  used  to  propagate 
and  construct  beliefs  and  networks  respectively  in  response.  In  this  way,  applications 
can  be  built  that  permit  constant  change  and  growth,  as  required  for  many  real  world 
situations. 


Limitations  of  Influxi  Despite  the  aforementioned  qualities,  Influxi  has  a  number  of 
limitations.  Major  limitations  of  Influxi  are  given  below. 

•  Influxi  provides  a  very  flexible  framework  that  offers  diverse  instruments  to  tailor  a 
reasoning  task  to  the  available  knowledge,  specific  requirements  and  specific  situation 
at  hand.  However,  this  flexibility  comes  at  a  cost:  the  requirement  that  users  have  a 
sufficient  understanding  of  the  different  methods  and  techniques  provided  by  the  tool 
with  which  to  make  correct  judgments  and  decisions  in  constructing  a  rule  network. 
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•  Influxi  does  not  yet  possess  capabilities  that  ease  various  modelling  efforts.  For 
instance,  it  is  highly  desirable  for  the  tool  to  (i)  automate  the  process  of  dependency 
analysis  to  assist  the  developers  in  choosing  the  appropriate  combination/fusion 
operators  (a  task  that  may  be  demanding  when  the  system  is  scaled  to  a  large 
size  with  widespread  dependencies),  and  (ii)  automatically  transfer  belief  between 
mutually  exclusive  propositions  (a  task  that  currently  requires  explicit  modelling). 
The  lack  of  these  capabilities  is  felt  most  at  scale,  thus  restricting  scalability.  The 
potential  of  automated  dependency  analysis  further  raises  the  prospect  of  supporting 
scenarios  with  dynamic  dependency  relationships  that  change  at  run-time,  something 
not  yet  addressed  in  Influxi. 

•  Influxi  currently  performs  unidirectional  reasoning  (i.e.,  belief  is  propagated  between 
propositions  in  one  direction).  In  this  respect,  the  reasoning  power  of  an  inferencing 
system  can  be  enhanced  by  allowing  for  a  bidirectional  flow  of  information,  thus 
achieving  both  types  of  reasoning  (deductive  and  abductive)  over  the  same  knowl¬ 
edge  structure.  For  instance,  given  A  ^  B,  one  can  deductively  derive  S  if  A  is 
verified,  and  conversely,  can  abductively  infer  A  if  i?  is  observed.  However,  the 
same  principle  does  not  apply  in  the  presence  of  uncertainty:  given  A  ^  B,  one 
would  encounter  trouble  predicting  the  belief  for  A  solely  based  on  the  occurrence 
of  B.  In  this  regard,  having  both  types  of  rule  (e.g.,  A  ^  B  and  B  ^  A)  explic¬ 
itly  specified  in  the  system  would  make  bidirectional  reasoning  possible,  but  could 
cause  cyclic  inferencing,  leading  to  beliefs  being  amplified  and  invalid  conclusions 
being  derived.  The  problem  of  cyclic  inferencing  can  be  eliminated  by  enabling  the 
system  to  remove  either  of  the  rules  when  the  other  rule  is  activated  [39],  in  which 
case  the  simplicity  and  elegance  of  the  inferencing  system  inevitably  diminishes.  In 
practice,  (traditional)  expert  systems  dealing  with  uncertainty  (such  as  the  medical 
expert  system  MYCIN)  tackle  this  problem  by  simply  disallowing  bidirectional  flows 
of  information  [39]. 

The  design  of  Influx2  is  motivated  to  rectify  the  aforementioned  limitations  and  to  augment 
the  reasoning  capability  of  Influxi.  More  specifically,  Influx2  aspires  to  offer  a  seamless 
integration  of  deductive  and  abductive  reasoning,  as  well  as  to  enhance  the  coherency,  us¬ 
ability  and  scalability  of  the  reasoner,  as  well  as  to  support  dynamic  dependency  structure 
without  significantly  compromising  the  efficiency  and  simplicity  of  Influxi . 
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